From: <pdo...@us...> - 2008-07-19 07:31:46
|
Revision: 13238 http://squirrelmail.svn.sourceforge.net/squirrelmail/?rev=13238&view=rev Author: pdontthink Date: 2008-07-19 07:31:43 +0000 (Sat, 19 Jul 2008) Log Message: ----------- Allow a different server address for the POP server to be configured when using POP before SMTP Modified Paths: -------------- branches/SM-1_4-STABLE/squirrelmail/ChangeLog branches/SM-1_4-STABLE/squirrelmail/class/deliver/Deliver_SMTP.class.php branches/SM-1_4-STABLE/squirrelmail/config/conf.pl branches/SM-1_4-STABLE/squirrelmail/config/config_default.php branches/SM-1_4-STABLE/squirrelmail/src/compose.php branches/SM-1_4-STABLE/squirrelmail/src/configtest.php branches/SM-1_4-STABLE/squirrelmail/src/read_body.php Modified: branches/SM-1_4-STABLE/squirrelmail/ChangeLog =================================================================== --- branches/SM-1_4-STABLE/squirrelmail/ChangeLog 2008-07-19 04:38:04 UTC (rev 13237) +++ branches/SM-1_4-STABLE/squirrelmail/ChangeLog 2008-07-19 07:31:43 UTC (rev 13238) @@ -11,6 +11,8 @@ long been in the file-based preference backend - Removed the Address Take (abook_take) plugin; please see the Add Address (third party) plugin. + - Allow a different server address for the POP server to be + configured when using POP before SMTP. Version 1.4.15 - 23 May 2008 ---------------------------- Modified: branches/SM-1_4-STABLE/squirrelmail/class/deliver/Deliver_SMTP.class.php =================================================================== --- branches/SM-1_4-STABLE/squirrelmail/class/deliver/Deliver_SMTP.class.php 2008-07-19 04:38:04 UTC (rev 13237) +++ branches/SM-1_4-STABLE/squirrelmail/class/deliver/Deliver_SMTP.class.php 2008-07-19 07:31:43 UTC (rev 13238) @@ -27,11 +27,11 @@ } } - function initStream($message, $domain, $length=0, $host='', $port='', $user='', $pass='', $authpop=false) { + function initStream($message, $domain, $length=0, $host='', $port='', $user='', $pass='', $authpop=false, $pop_host='') { global $use_smtp_tls, $smtp_auth_mech; if ($authpop) { - $this->authPop($host, '', $user, $pass); + $this->authPop($pop_host, '', $user, $pass); } $rfc822_header = $message->rfc822_header; Modified: branches/SM-1_4-STABLE/squirrelmail/config/conf.pl =================================================================== --- branches/SM-1_4-STABLE/squirrelmail/config/conf.pl 2008-07-19 04:38:04 UTC (rev 13237) +++ branches/SM-1_4-STABLE/squirrelmail/config/conf.pl 2008-07-19 07:31:43 UTC (rev 13238) @@ -283,6 +283,7 @@ $useSendmail = "false" if ( lc($useSendmail) ne "true" ); $sendmail_path = "/usr/sbin/sendmail" if ( !$sendmail_path ); $pop_before_smtp = "false" if ( !$pop_before_smtp ) ; +$pop_before_smtp_host = '' if ( !$pop_before_smtp_host ) ; $default_unseen_notify = 2 if ( !$default_unseen_notify ); $default_unseen_type = 1 if ( !$default_unseen_type ); $config_use_color = 0 if ( !$config_use_color ); @@ -1123,9 +1124,34 @@ $new_pop_before_smtp = <STDIN>; $new_pop_before_smtp =~ tr/yn//cd; - return "true" if ( $new_pop_before_smtp eq "y" ); - return "false" if ( $new_pop_before_smtp eq "n" ); - return $pop_before_smtp; + if ( $new_pop_before_smtp eq "y" ) { + $new_pop_before_smtp = "true"; + } elsif ( $new_pop_before_smtp eq "n" ) { + $new_pop_before_smtp = "false"; + } else { + $new_pop_before_smtp = $pop_before_smtp; + } + + # if using POP before SMTP, allow setting of custom POP server address + if ($new_pop_before_smtp eq "true") { + print "$NRM\nIf the address of the POP server is not the same as\n"; + print "your SMTP server, you may specify it here. Leave blank (to\n"; + print "clear this, enter only spaces) to use the same address as\n"; + print "your SMTP server.\n"; + print "POP before SMTP server address [$WHT$pop_before_smtp_host$NRM]: $WHT"; + + $new_pop_before_smtp_host = <STDIN>; + if ( $new_pop_before_smtp_host eq "\n" ) { + $new_pop_before_smtp_host = $pop_before_smtp_host; + } elsif ($new_pop_before_smtp_host =~ /^\s+$/) { + $new_pop_before_smtp_host = ''; + } else { + $new_pop_before_smtp_host =~ s/[\r|\n]//g; + } + $pop_before_smtp_host = $new_pop_before_smtp_host; + } + + return $new_pop_before_smtp; } # imap_server_type @@ -3224,6 +3250,8 @@ # boolean print CF "\$pop_before_smtp = $pop_before_smtp;\n"; # string + print CF "\$pop_before_smtp_host = '$pop_before_smtp_host';\n"; + # string print CF "\$imap_server_type = '$imap_server_type';\n"; # boolean print CF "\$invert_time = $invert_time;\n"; Modified: branches/SM-1_4-STABLE/squirrelmail/config/config_default.php =================================================================== --- branches/SM-1_4-STABLE/squirrelmail/config/config_default.php 2008-07-19 04:38:04 UTC (rev 13237) +++ branches/SM-1_4-STABLE/squirrelmail/config/config_default.php 2008-07-19 07:31:43 UTC (rev 13238) @@ -309,6 +309,18 @@ $pop_before_smtp = false; +/** + * POP before SMTP server address + * + * When using POP3 before SMTP, if the POP server address is + * not the same as the SMTP server address, specify it here. + * If this is left empty, the SMTP server address will be + * used by default. + * @global bool $pop_before_smtp_host + */ +$pop_before_smtp_host = ''; + + /*** Folder Settings ***/ /** * Default IMAP folder prefix Modified: branches/SM-1_4-STABLE/squirrelmail/src/compose.php =================================================================== --- branches/SM-1_4-STABLE/squirrelmail/src/compose.php 2008-07-19 04:38:04 UTC (rev 13237) +++ branches/SM-1_4-STABLE/squirrelmail/src/compose.php 2008-07-19 07:31:43 UTC (rev 13238) @@ -1561,17 +1561,19 @@ if (!$useSendmail && !$draft) { require_once(SM_PATH . 'class/deliver/Deliver_SMTP.class.php'); $deliver = new Deliver_SMTP(); - global $smtpServerAddress, $smtpPort, $pop_before_smtp; + global $smtpServerAddress, $smtpPort, $pop_before_smtp, $pop_before_smtp_host; $authPop = (isset($pop_before_smtp) && $pop_before_smtp) ? true : false; $user = ''; $pass = ''; + if (empty($pop_before_smtp_host)) + $pop_before_smtp_host = $smtpServerAddress; get_smtp_user($user, $pass); $stream = $deliver->initStream($composeMessage,$domain,0, - $smtpServerAddress, $smtpPort, $user, $pass, $authPop); + $smtpServerAddress, $smtpPort, $user, $pass, $authPop, $pop_before_smtp_host); } elseif (!$draft) { require_once(SM_PATH . 'class/deliver/Deliver_SendMail.class.php'); global $sendmail_path, $sendmail_args; Modified: branches/SM-1_4-STABLE/squirrelmail/src/configtest.php =================================================================== --- branches/SM-1_4-STABLE/squirrelmail/src/configtest.php 2008-07-19 04:38:04 UTC (rev 13237) +++ branches/SM-1_4-STABLE/squirrelmail/src/configtest.php 2008-07-19 07:31:43 UTC (rev 13238) @@ -368,15 +368,16 @@ /* POP before SMTP */ if($pop_before_smtp) { - $stream = fsockopen($smtpServerAddress, 110, $err_no, $err_str); + if (empty($pop_before_smtp_host)) $pop_before_smtp_host = $smtpServerAddress; + $stream = fsockopen($pop_before_smtp_host, 110, $err_no, $err_str); if (!$stream) { - do_err("Error connecting to POP Server ($smtpServerAddress:110) " + do_err("Error connecting to POP Server ($pop_before_smtp_host:110) " . $err_no . ' : ' . htmlspecialchars($err_str)); } $tmp = fgets($stream, 1024); if (substr($tmp, 0, 3) != '+OK') { - do_err("Error connecting to POP Server ($smtpServerAddress:110)" + do_err("Error connecting to POP Server ($pop_before_smtp_host:110)" . ' '.htmlspecialchars($tmp)); } fputs($stream, 'QUIT'); Modified: branches/SM-1_4-STABLE/squirrelmail/src/read_body.php =================================================================== --- branches/SM-1_4-STABLE/squirrelmail/src/read_body.php 2008-07-19 04:38:04 UTC (rev 13237) +++ branches/SM-1_4-STABLE/squirrelmail/src/read_body.php 2008-07-19 07:31:43 UTC (rev 13238) @@ -316,17 +316,19 @@ } else { require_once(SM_PATH . 'class/deliver/Deliver_SMTP.class.php'); $deliver = new Deliver_SMTP(); - global $smtpServerAddress, $smtpPort, $pop_before_smtp; + global $smtpServerAddress, $smtpPort, $pop_before_smtp, $pop_before_smtp_host; $authPop = (isset($pop_before_smtp) && $pop_before_smtp) ? true : false; $user = ''; $pass = ''; + if (empty($pop_before_smtp_host)) + $pop_before_smtp_host = $smtpServerAddress; get_smtp_user($user, $pass); $stream = $deliver->initStream($composeMessage,$domain,0, - $smtpServerAddress, $smtpPort, $user, $pass, $authPop); + $smtpServerAddress, $smtpPort, $user, $pass, $authPop, $pop_before_smtp_host); } $success = false; if ($stream) { @@ -909,6 +911,7 @@ } } +//FIXME: one of these hooks should be removed if we can verify disuse (html_bottom?) do_hook('read_body_bottom'); do_hook('html_bottom'); sqimap_logout($imapConnection); This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <pdo...@us...> - 2008-07-20 21:18:01
|
Revision: 13243 http://squirrelmail.svn.sourceforge.net/squirrelmail/?rev=13243&view=rev Author: pdontthink Date: 2008-07-20 21:17:38 +0000 (Sun, 20 Jul 2008) Log Message: ----------- Allow plugins running on left_main_after_each_folder access to the trash folder too Modified Paths: -------------- branches/SM-1_4-STABLE/squirrelmail/ChangeLog branches/SM-1_4-STABLE/squirrelmail/src/left_main.php Modified: branches/SM-1_4-STABLE/squirrelmail/ChangeLog =================================================================== --- branches/SM-1_4-STABLE/squirrelmail/ChangeLog 2008-07-20 20:49:17 UTC (rev 13242) +++ branches/SM-1_4-STABLE/squirrelmail/ChangeLog 2008-07-20 21:17:38 UTC (rev 13243) @@ -13,6 +13,8 @@ Address (third party) plugin. - Allow a different server address for the POP server to be configured when using POP before SMTP. + - Update the left_main_after_each_folder hook to work on the trash + folder as well as all other folders. Version 1.4.15 - 23 May 2008 ---------------------------- Modified: branches/SM-1_4-STABLE/squirrelmail/src/left_main.php =================================================================== --- branches/SM-1_4-STABLE/squirrelmail/src/left_main.php 2008-07-20 20:49:17 UTC (rev 13242) +++ branches/SM-1_4-STABLE/squirrelmail/src/left_main.php 2008-07-20 21:17:38 UTC (rev 13243) @@ -106,12 +106,12 @@ ' (<a href="empty_trash.php" style="text-decoration:none">'._("Purge").'</a>)' . '</small>'; } - } else { - $line .= concat_hook_function('left_main_after_each_folder', - array(isset($numMessages) ? $numMessages : '', - $real_box, $imapConnection)); } + $line .= concat_hook_function('left_main_after_each_folder', + array(isset($numMessages) ? $numMessages : '', + $real_box, $imapConnection)); + /* Return the final product. */ return ($line); } This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <ki...@us...> - 2008-09-28 13:19:17
|
Revision: 13289 http://squirrelmail.svn.sourceforge.net/squirrelmail/?rev=13289&view=rev Author: kink Date: 2008-09-28 13:19:08 +0000 (Sun, 28 Sep 2008) Log Message: ----------- Fix HTML validity issue with IE conditional construct (#1985916). This construct may only be used in HTML context, not CSS context. Thanks Haeber Modified Paths: -------------- branches/SM-1_4-STABLE/squirrelmail/ChangeLog branches/SM-1_4-STABLE/squirrelmail/functions/page_header.php Modified: branches/SM-1_4-STABLE/squirrelmail/ChangeLog =================================================================== --- branches/SM-1_4-STABLE/squirrelmail/ChangeLog 2008-09-26 19:09:30 UTC (rev 13288) +++ branches/SM-1_4-STABLE/squirrelmail/ChangeLog 2008-09-28 13:19:08 UTC (rev 13289) @@ -15,6 +15,7 @@ configured when using POP before SMTP. - Update the left_main_after_each_folder hook to work on the trash folder as well as all other folders. + - Fix HTML validity issue with IE conditional construct (#1985916). Version 1.4.15 - 23 May 2008 ---------------------------- Modified: branches/SM-1_4-STABLE/squirrelmail/functions/page_header.php =================================================================== --- branches/SM-1_4-STABLE/squirrelmail/functions/page_header.php 2008-09-26 19:09:30 UTC (rev 13288) +++ branches/SM-1_4-STABLE/squirrelmail/functions/page_header.php 2008-09-28 13:19:08 UTC (rev 13289) @@ -53,14 +53,14 @@ /* work around IE6's scrollbar bug */ echo <<<ECHO +<!--[if IE 6]> <style type="text/css"> -<!--[if IE 6]> /* avoid stupid IE6 bug with frames and scrollbars */ body { width: expression(document.documentElement.clientWidth - 30); } +</style> <![endif]--> -</style> ECHO; This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <ki...@us...> - 2008-09-28 13:45:56
|
Revision: 13290 http://squirrelmail.svn.sourceforge.net/squirrelmail/?rev=13290&view=rev Author: kink Date: 2008-09-28 13:45:49 +0000 (Sun, 28 Sep 2008) Log Message: ----------- Backported sqsetcookie() from 1.5.2, so cookies won't be transmitted under non-SSL connections if the session is started under an SSL (https) connection (CVE-2008-3663) Also limits cookies to HTTPOnly, a feature of IE and Firefox to counter cross site scripting attacks. Patch by Paul Lesniewski of the SquirrelMail team. Thanks Hanno Boeck for discovery of this issue. Modified Paths: -------------- branches/SM-1_4-STABLE/squirrelmail/ChangeLog branches/SM-1_4-STABLE/squirrelmail/config/conf.pl branches/SM-1_4-STABLE/squirrelmail/functions/global.php branches/SM-1_4-STABLE/squirrelmail/src/redirect.php branches/SM-1_4-STABLE/squirrelmail/src/webmail.php Modified: branches/SM-1_4-STABLE/squirrelmail/ChangeLog =================================================================== --- branches/SM-1_4-STABLE/squirrelmail/ChangeLog 2008-09-28 13:19:08 UTC (rev 13289) +++ branches/SM-1_4-STABLE/squirrelmail/ChangeLog 2008-09-28 13:45:49 UTC (rev 13290) @@ -16,6 +16,11 @@ - Update the left_main_after_each_folder hook to work on the trash folder as well as all other folders. - Fix HTML validity issue with IE conditional construct (#1985916). + - Backported sqsetcookie() from 1.5.2, so cookies won't be + transmitted under non-SSL connections if the session is + started under an SSL (https) connection (CVE-2008-3663). + Also limits cookies to HTTPOnly, a feature of IE and Firefox + to counter cross site scripting attacks. Version 1.4.15 - 23 May 2008 ---------------------------- Modified: branches/SM-1_4-STABLE/squirrelmail/config/conf.pl =================================================================== --- branches/SM-1_4-STABLE/squirrelmail/config/conf.pl 2008-09-28 13:19:08 UTC (rev 13289) +++ branches/SM-1_4-STABLE/squirrelmail/config/conf.pl 2008-09-28 13:45:49 UTC (rev 13290) @@ -353,6 +353,9 @@ $abook_global_file_listing = 'true' if ( !$abook_global_file_listing ); $abook_file_line_length = 2048 if ( !$abook_file_line_length ); +# Added in 1.4.16 +$only_secure_cookies = 'true' if ( !$only_secure_cookies ); + if ( $ARGV[0] eq '--install-plugin' ) { print "Activating plugin " . $ARGV[1] . "\n"; if ( -d "../plugins/" . $ARGV[1]) { @@ -528,23 +531,24 @@ print "R Return to Main Menu\n"; } elsif ( $menu == 4 ) { print $WHT. "General Options\n" . $NRM; - print "1. Data Directory : $WHT$data_dir$NRM\n"; - print "2. Attachment Directory : $WHT$attachment_dir$NRM\n"; - print "3. Directory Hash Level : $WHT$dir_hash_level$NRM\n"; - print "4. Default Left Size : $WHT$default_left_size$NRM\n"; - print "5. Usernames in Lowercase : $WHT$force_username_lowercase$NRM\n"; - print "6. Allow use of priority : $WHT$default_use_priority$NRM\n"; - print "7. Hide SM attributions : $WHT$hide_sm_attributions$NRM\n"; - print "8. Allow use of receipts : $WHT$default_use_mdn$NRM\n"; - print "9. Allow editing of identity : $WHT$edit_identity$NRM\n"; - print " Allow editing of name : $WHT$edit_name$NRM\n"; - print " Remove username from header : $WHT$hide_auth_header$NRM\n"; - print "10. Allow server thread sort : $WHT$allow_thread_sort$NRM\n"; - print "11. Allow server-side sorting : $WHT$allow_server_sort$NRM\n"; - print "12. Allow server charset search : $WHT$allow_charset_search$NRM\n"; - print "13. Enable UID support : $WHT$uid_support$NRM\n"; - print "14. PHP session name : $WHT$session_name$NRM\n"; - print "15. Location base : $WHT$config_location_base$NRM\n"; + print "1. Data Directory : $WHT$data_dir$NRM\n"; + print "2. Attachment Directory : $WHT$attachment_dir$NRM\n"; + print "3. Directory Hash Level : $WHT$dir_hash_level$NRM\n"; + print "4. Default Left Size : $WHT$default_left_size$NRM\n"; + print "5. Usernames in Lowercase : $WHT$force_username_lowercase$NRM\n"; + print "6. Allow use of priority : $WHT$default_use_priority$NRM\n"; + print "7. Hide SM attributions : $WHT$hide_sm_attributions$NRM\n"; + print "8. Allow use of receipts : $WHT$default_use_mdn$NRM\n"; + print "9. Allow editing of identity : $WHT$edit_identity$NRM\n"; + print " Allow editing of name : $WHT$edit_name$NRM\n"; + print " Remove username from header : $WHT$hide_auth_header$NRM\n"; + print "10. Allow server thread sort : $WHT$allow_thread_sort$NRM\n"; + print "11. Allow server-side sorting : $WHT$allow_server_sort$NRM\n"; + print "12. Allow server charset search : $WHT$allow_charset_search$NRM\n"; + print "13. Enable UID support : $WHT$uid_support$NRM\n"; + print "14. PHP session name : $WHT$session_name$NRM\n"; + print "15. Location base : $WHT$config_location_base$NRM\n"; + print "16. Only secure cookies if poss. : $WHT$only_secure_cookies$NRM\n"; print "\n"; print "R Return to Main Menu\n"; } elsif ( $menu == 5 ) { @@ -761,6 +765,7 @@ elsif ( $command == 13 ) { $uid_support = command313(); } elsif ( $command == 14 ) { $session_name = command314(); } elsif ( $command == 15 ) { $config_location_base = command_config_location_base(); } + elsif ( $command == 16 ) { $only_secure_cookies = command316(); } } elsif ( $menu == 5 ) { if ( $command == 1 ) { command41(); } elsif ( $command == 2 ) { $theme_css = command42(); } @@ -2404,6 +2409,34 @@ } +# only_secure_cookies (since 1.4.16) +sub command316 { + print "This option allows you to specify that if a user session is initiated\n"; + print "under a secure (HTTPS, SSL-encrypted) connection, the cookies given to\n"; + print "the browser will ONLY be transmitted via a secure connection henceforth.\n\n"; + print "Generally this is a Good Thing, and should NOT be disabled. However,\n"; + print "if you intend to use the Secure Login or Show SSL Link plugins to\n"; + print "encrypt the user login, but not the rest of the SquirrelMail session,\n"; + print "this can be turned off. Think twice before doing so.\n"; + print "\n"; + + if ( lc($only_secure_cookies) eq 'true' ) { + $default_value = "y"; + } else { + $default_value = "n"; + } + print "Transmit cookies only on secure connection when available? (y/n) [$WHT$default_value$NRM]: $WHT"; + $only_secure_cookies = <STDIN>; + if ( ( $only_secure_cookies =~ /^y\n/i ) || ( ( $only_secure_cookies =~ /^\n/ ) && ( $default_value eq "y" ) ) ) { + $only_secure_cookies = 'true'; + } else { + $only_secure_cookies = 'false'; + } + return $only_secure_cookies; +} + + + #################################################################################### #### THEMES #### sub command41 { @@ -3450,6 +3483,9 @@ print CF "\$session_name = '$session_name';\n"; + # boolean + print CF "\$only_secure_cookies = $only_secure_cookies;\n"; + print CF "\n"; print CF "\$config_location_base = '$config_location_base';\n"; Modified: branches/SM-1_4-STABLE/squirrelmail/functions/global.php =================================================================== --- branches/SM-1_4-STABLE/squirrelmail/functions/global.php 2008-09-28 13:19:08 UTC (rev 13289) +++ branches/SM-1_4-STABLE/squirrelmail/functions/global.php 2008-09-28 13:45:49 UTC (rev 13290) @@ -346,8 +346,8 @@ global $base_uri; - if (isset($_COOKIE[session_name()])) setcookie(session_name(), $_COOKIE[session_name()], 1, $base_uri); - if (isset($_COOKIE['key'])) setcookie('key', 'SQMTRASH', 1, $base_uri); + if (isset($_COOKIE[session_name()])) sqsetcookie(session_name(), $_COOKIE[session_name()], 1, $base_uri); + if (isset($_COOKIE['key'])) sqsetcookie('key', 'SQMTRASH', 1, $base_uri); $sessid = session_id(); if (!empty( $sessid )) { @@ -365,6 +365,104 @@ */ function sqsession_is_active() { + sqsession_start(); +} + +/** + * Function to start the session and store the cookie with the session_id as + * HttpOnly cookie which means that the cookie isn't accessible by javascript + * (IE6 only) + * Note that as sqsession_is_active() no longer discriminates as to when + * it calls this function, session_start() has to have E_NOTICE suppression + * (thus the @ sign). + * + * @return void + * + * @since 1.4.16 + * + */ +function sqsession_start() { + global $base_uri; + + session_set_cookie_params (0, $base_uri); @session_start(); + // could be: sq_call_function_suppress_errors('session_start'); + $session_id = session_id(); + + // session_starts sets the sessionid cookie but without the httponly var + // setting the cookie again sets the httponly cookie attribute + // + // need to check if headers have been sent, since sqsession_is_active() + // has become just a passthru to this function, so the sqsetcookie() + // below is called every time, even after headers have already been sent + // + if (!headers_sent()) + sqsetcookie(session_name(),$session_id,false,$base_uri); } +/** + * Set a cookie + * + * @param string $sName The name of the cookie. + * @param string $sValue The value of the cookie. + * @param int $iExpire The time the cookie expires. This is a Unix + * timestamp so is in number of seconds since + * the epoch. + * @param string $sPath The path on the server in which the cookie + * will be available on. + * @param string $sDomain The domain that the cookie is available. + * @param boolean $bSecure Indicates that the cookie should only be + * transmitted over a secure HTTPS connection. + * @param boolean $bHttpOnly Disallow JS to access the cookie (IE6/FF2) + * @param boolean $bReplace Replace previous cookies with same name? + * + * @return void + * + * @since 1.4.16 and 1.5.1 + * + */ +function sqsetcookie($sName, $sValue='deleted', $iExpire=0, $sPath="", $sDomain="", + $bSecure=false, $bHttpOnly=true, $bReplace=false) { + + // if we have a secure connection then limit the cookies to https only. + if ($sName && isset($_SERVER['HTTPS']) && $_SERVER['HTTPS']) { + $bSecure = true; + } + + // admin config can override the restriction of secure-only cookies + // + // (we have to check if the value is set and default it to true if + // not because when upgrading without re-running conf.pl, it will + // not be found in config/config.php and thusly evaluate to false, + // but we want to default people who upgrade to true due to security + // implications of setting this to false) + // + global $only_secure_cookies; + if (!isset($only_secure_cookies)) $only_secure_cookies = true; + if (!$only_secure_cookies) + $bSecure = false; + + if (false && check_php_version(5,2)) { + // php 5 supports the httponly attribute in setcookie, but because setcookie seems a bit + // broken we use the header function for php 5.2 as well. We might change that later. + //setcookie($sName,$sValue,(int) $iExpire,$sPath,$sDomain,$bSecure,$bHttpOnly); + } else { + if (!empty($sDomain)) { + // Fix the domain to accept domains with and without 'www.'. + if (strtolower(substr($sDomain, 0, 4)) == 'www.') $sDomain = substr($sDomain, 4); + $sDomain = '.' . $sDomain; + + // Remove port information. + $Port = strpos($sDomain, ':'); + if ($Port !== false) $sDomain = substr($sDomain, 0, $Port); + } + if (!$sValue) $sValue = 'deleted'; + header('Set-Cookie: ' . rawurlencode($sName) . '=' . rawurlencode($sValue) + . (empty($iExpire) ? '' : '; expires=' . gmdate('D, d-M-Y H:i:s', $iExpire) . ' GMT') + . (empty($sPath) ? '' : '; path=' . $sPath) + . (empty($sDomain) ? '' : '; domain=' . $sDomain) + . (!$bSecure ? '' : '; secure') + . (!$bHttpOnly ? '' : '; HttpOnly'), $bReplace); + } +} + Modified: branches/SM-1_4-STABLE/squirrelmail/src/redirect.php =================================================================== --- branches/SM-1_4-STABLE/squirrelmail/src/redirect.php 2008-09-28 13:19:08 UTC (rev 13289) +++ branches/SM-1_4-STABLE/squirrelmail/src/redirect.php 2008-09-28 13:45:49 UTC (rev 13290) @@ -35,7 +35,6 @@ header('Pragma: no-cache'); $location = get_location(); -session_set_cookie_params (0, $base_uri); sqsession_is_active(); sqsession_unregister ('user_is_logged_in'); @@ -58,8 +57,7 @@ set_up_language($squirrelmail_language, true); /* Refresh the language cookie. */ -setcookie('squirrelmail_language', $squirrelmail_language, time()+2592000, - $base_uri); +sqsetcookie('squirrelmail_language', $squirrelmail_language, time()+2592000, $base_uri); if (!isset($login_username)) { include_once(SM_PATH . 'functions/display_messages.php' ); @@ -93,7 +91,7 @@ $username = $login_username; sqsession_register ($username, 'username'); - setcookie('key', $key, 0, $base_uri); + sqsetcookie('key', $key, 0, $base_uri); do_hook ('login_verified'); } Modified: branches/SM-1_4-STABLE/squirrelmail/src/webmail.php =================================================================== --- branches/SM-1_4-STABLE/squirrelmail/src/webmail.php 2008-09-28 13:19:08 UTC (rev 13289) +++ branches/SM-1_4-STABLE/squirrelmail/src/webmail.php 2008-09-28 13:45:49 UTC (rev 13290) @@ -67,7 +67,7 @@ */ $my_language = getPref($data_dir, $username, 'language'); if ($my_language != $squirrelmail_language) { - setcookie('squirrelmail_language', $my_language, time()+2592000, $base_uri); + sqsetcookie('squirrelmail_language', $my_language, time()+2592000, $base_uri); } set_up_language($my_language); This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <ki...@us...> - 2008-09-28 13:58:32
|
Revision: 13291 http://squirrelmail.svn.sourceforge.net/squirrelmail/?rev=13291&view=rev Author: kink Date: 2008-09-28 13:58:21 +0000 (Sun, 28 Sep 2008) Log Message: ----------- prepare for release Modified Paths: -------------- branches/SM-1_4-STABLE/squirrelmail/ChangeLog branches/SM-1_4-STABLE/squirrelmail/ReleaseNotes branches/SM-1_4-STABLE/squirrelmail/functions/strings.php Modified: branches/SM-1_4-STABLE/squirrelmail/ChangeLog =================================================================== --- branches/SM-1_4-STABLE/squirrelmail/ChangeLog 2008-09-28 13:45:49 UTC (rev 13290) +++ branches/SM-1_4-STABLE/squirrelmail/ChangeLog 2008-09-28 13:58:21 UTC (rev 13291) @@ -2,8 +2,8 @@ *** SquirrelMail Stable Series 1.4 *** ************************************** -Version 1.4.16 - SVN --------------------- +Version 1.4.16 - 28 September 2008 +---------------------------------- - Added support for Latvian. - Add submit button type option widget - Allow address book lookups by fields other than nickname/alias Modified: branches/SM-1_4-STABLE/squirrelmail/ReleaseNotes =================================================================== --- branches/SM-1_4-STABLE/squirrelmail/ReleaseNotes 2008-09-28 13:45:49 UTC (rev 13290) +++ branches/SM-1_4-STABLE/squirrelmail/ReleaseNotes 2008-09-28 13:58:21 UTC (rev 13291) @@ -1,7 +1,7 @@ /***************************************************************** - * Release Notes: SquirrelMail 1.4.15 * - * The "Plain Old Regular" Release * - * 22 May 2008 * + * Release Notes: SquirrelMail 1.4.16 * + * The "Taming the Cookie Monster" Release * + * 28 September 2008 * *****************************************************************/ In this edition of SquirrelMail Release Notes: @@ -16,13 +16,35 @@ All about this release ====================== -This release is a bugfix release for a number of issues identified since -1.4.13 was released. +This release addresses a security problem in SquirrelMail, aswell +as your regular collection of bug fixes and some improvements mainly +targeted at plugins. -Version number 1.4.14 was skipped, because some spammer decided to use this -version number in a phishing attempt. +Notable changes: + * Security fix, see below. + * Latvian was added as a new language. + * The abook_take plugin was removed. +Security issue +============== +An issue was fixed that allowed the cookies of a session started +over SSL (https) to be transmitted over HTTP aswell. This affects +installations that offer SquirrelMail both over HTTP and HTTPS. +This is known as setting the "secure" flag of the cookie. + +An override option has been added that can be used when you have +a need to continue a session over HTTP that has been started over +HTTPS, although we do not recommend that. + +We would like to thank Hanno Boeck for reporting this issue to us. +It is tracked as CVE-2008-3663. + +As an additional fortification, SquirrelMail now sets the HttpOnly +flag to counter possible future cross site scripting attacks in +some browsers (Internet Explorer 6+, Firefox 2.0.0.5+). + + Locales / Translations / Charsets ================================= Modified: branches/SM-1_4-STABLE/squirrelmail/functions/strings.php =================================================================== --- branches/SM-1_4-STABLE/squirrelmail/functions/strings.php 2008-09-28 13:45:49 UTC (rev 13290) +++ branches/SM-1_4-STABLE/squirrelmail/functions/strings.php 2008-09-28 13:58:21 UTC (rev 13291) @@ -16,7 +16,7 @@ * SquirrelMail version number -- DO NOT CHANGE */ global $version; -$version = '1.4.16 [SVN]'; +$version = '1.4.16'; /** * SquirrelMail internal version number -- DO NOT CHANGE This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <ki...@us...> - 2008-09-28 14:58:18
|
Revision: 13293 http://squirrelmail.svn.sourceforge.net/squirrelmail/?rev=13293&view=rev Author: kink Date: 2008-09-28 14:58:07 +0000 (Sun, 28 Sep 2008) Log Message: ----------- prepare for further development Modified Paths: -------------- branches/SM-1_4-STABLE/squirrelmail/ChangeLog branches/SM-1_4-STABLE/squirrelmail/functions/strings.php Added Paths: ----------- branches/SM-1_4-STABLE/squirrelmail/doc/ReleaseNotes/1.4/Notes-1.4.16.txt Modified: branches/SM-1_4-STABLE/squirrelmail/ChangeLog =================================================================== --- branches/SM-1_4-STABLE/squirrelmail/ChangeLog 2008-09-28 13:59:48 UTC (rev 13292) +++ branches/SM-1_4-STABLE/squirrelmail/ChangeLog 2008-09-28 14:58:07 UTC (rev 13293) @@ -2,6 +2,9 @@ *** SquirrelMail Stable Series 1.4 *** ************************************** +Version 1.4.17 - SVN +-------------------- + Version 1.4.16 - 28 September 2008 ---------------------------------- - Added support for Latvian. Copied: branches/SM-1_4-STABLE/squirrelmail/doc/ReleaseNotes/1.4/Notes-1.4.16.txt (from rev 13291, branches/SM-1_4-STABLE/squirrelmail/ReleaseNotes) =================================================================== --- branches/SM-1_4-STABLE/squirrelmail/doc/ReleaseNotes/1.4/Notes-1.4.16.txt (rev 0) +++ branches/SM-1_4-STABLE/squirrelmail/doc/ReleaseNotes/1.4/Notes-1.4.16.txt 2008-09-28 14:58:07 UTC (rev 13293) @@ -0,0 +1,125 @@ +/***************************************************************** + * Release Notes: SquirrelMail 1.4.16 * + * The "Taming the Cookie Monster" Release * + * 28 September 2008 * + *****************************************************************/ + +In this edition of SquirrelMail Release Notes: + * All about this Release! + * Locales / Translations / Charsets + * Security issues + * Major updates + * A note on plugins + * Reporting my favorite SquirrelMail 1.4 bug + + +All about this release +====================== + +This release addresses a security problem in SquirrelMail, aswell +as your regular collection of bug fixes and some improvements mainly +targeted at plugins. + +Notable changes: + * Security fix, see below. + * Latvian was added as a new language. + * The abook_take plugin was removed. + +Security issue +============== + +An issue was fixed that allowed the cookies of a session started +over SSL (https) to be transmitted over HTTP aswell. This affects +installations that offer SquirrelMail both over HTTP and HTTPS. +This is known as setting the "secure" flag of the cookie. + +An override option has been added that can be used when you have +a need to continue a session over HTTP that has been started over +HTTPS, although we do not recommend that. + +We would like to thank Hanno Boeck for reporting this issue to us. +It is tracked as CVE-2008-3663. + +As an additional fortification, SquirrelMail now sets the HttpOnly +flag to counter possible future cross site scripting attacks in +some browsers (Internet Explorer 6+, Firefox 2.0.0.5+). + + +Locales / Translations / Charsets +================================= + +Since the release of 1.4.4, the the translations for SquirrelMail are +no longer part of the main package but have to be downloaded separately; +either in one large file or an individual language. You can find these +packages through our homepage. They also contain instructions on how +to install. + +That release also introduced a backport of the new Character set +decoding functions from the development branch, vastly increasing the +number of supported character sets and decoding performance. + + + +Major updates in 1.4 +==================== + +The 1.4.x series (as a result of 1.3 developent series) brings: + +* A complete rewrite of the way we send mail (Deliver-class), + and of the way we parse mail (MIME-bodystructure parsing). + This makes SquirrelMail more reliable and more efficient + at the same time! +* Support for IMAP UID which makes SquirrelMail more reliable. +* Optimizations to code and the number of IMAP calls; SquirrelMail + is now a very scalable webmail solution. +* Support for a wider range of authentication mechanisms. +* Lots of bugfixes, some new features and a couple of UI-tweaks. + + +A note on plugins +================= + +There have been major plugin architecture improvements since 1.2.x. Lots +of plugins have not yet been adapted to this. Plugins which are +distributed with this release (eg. in the same .tar.gz file) should work. +Plugin authors will need some time to adapt their plugins, so quite a few +plugins that did work with 1.2.x might not work with 1.4.x. + +So if you have ANY problem at all, first try turning off all plugins. +If one plugin seems to be the culprit, contact the author to see if +a 1.4.x version is underway. + +Plugins that worked with previous 1.4.x versions should continue to work +without changes with this version. + + +Reporting my favorite SquirrelMail 1.4 bug +========================================== + +We constantly aim to make SquirrelMail even better. So we need you to +submit any bug you come across! Also, please mention that the bug is +in this release, and list your IMAP server and webserver details. + + http://www.squirrelmail.org/bugs + +Thanks for your cooperation with this. That helps us to make +sure nothing slips through the cracks. Also, it would help if +people would check existing tracker items for a bug before reporting +it again. This would help to eliminate duplicate reports, and +increase the time we can spend CODING by DECREASING the time we +spend sorting through bug reports. And remember, check not only OPEN +bug reports, but also closed ones as a bug that you report MAY have +been fixed in our source code repository already. + +Any questions about installing or using SquirrelMail can be directed +to our user support list: + + squ...@li... + +If you want to join us in coding SquirrelMail, or have other +things to share with the developers, join the development mailinglist: + + squ...@li... + + Happy SquirrelMailing! + - The SquirrelMail Project Team Modified: branches/SM-1_4-STABLE/squirrelmail/functions/strings.php =================================================================== --- branches/SM-1_4-STABLE/squirrelmail/functions/strings.php 2008-09-28 13:59:48 UTC (rev 13292) +++ branches/SM-1_4-STABLE/squirrelmail/functions/strings.php 2008-09-28 14:58:07 UTC (rev 13293) @@ -16,14 +16,14 @@ * SquirrelMail version number -- DO NOT CHANGE */ global $version; -$version = '1.4.16'; +$version = '1.4.17 [SVN]'; /** * SquirrelMail internal version number -- DO NOT CHANGE * $sm_internal_version = array (release, major, minor) */ global $SQM_INTERNAL_VERSION; -$SQM_INTERNAL_VERSION = array(1,4,16); +$SQM_INTERNAL_VERSION = array(1,4,17); /** * There can be a circular issue with includes, where the $version string is This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <pdo...@us...> - 2008-10-07 04:52:03
|
Revision: 13296 http://squirrelmail.svn.sourceforge.net/squirrelmail/?rev=13296&view=rev Author: pdontthink Date: 2008-10-07 04:48:50 +0000 (Tue, 07 Oct 2008) Log Message: ----------- Allow control over white space wrapping of auto-generated SquirrelMail option widgets Modified Paths: -------------- branches/SM-1_4-STABLE/squirrelmail/ChangeLog branches/SM-1_4-STABLE/squirrelmail/functions/options.php Modified: branches/SM-1_4-STABLE/squirrelmail/ChangeLog =================================================================== --- branches/SM-1_4-STABLE/squirrelmail/ChangeLog 2008-10-07 04:48:28 UTC (rev 13295) +++ branches/SM-1_4-STABLE/squirrelmail/ChangeLog 2008-10-07 04:48:50 UTC (rev 13296) @@ -4,6 +4,8 @@ Version 1.4.17 - SVN -------------------- + - Allow control over white space wrapping of auto-generated + SquirrelMail option widgets. Version 1.4.16 - 28 September 2008 ---------------------------------- Modified: branches/SM-1_4-STABLE/squirrelmail/functions/options.php =================================================================== --- branches/SM-1_4-STABLE/squirrelmail/functions/options.php 2008-10-07 04:48:28 UTC (rev 13295) +++ branches/SM-1_4-STABLE/squirrelmail/functions/options.php 2008-10-07 04:48:50 UTC (rev 13296) @@ -71,6 +71,7 @@ var $raw_option_array; var $name; var $caption; + var $caption_wrap; var $type; var $refresh_level; var $size; @@ -99,6 +100,7 @@ $this->raw_option_array = $raw_option_array; $this->name = $name; $this->caption = $caption; + $this->caption_wrap = TRUE; $this->type = $type; $this->refresh_level = $refresh_level; $this->possible_values = $possible_values; @@ -155,6 +157,11 @@ $this->new_value = $new_value; } + /* Set whether the caption is allowed to wrap for this option. */ + function setCaptionWrap($caption_wrap) { + $this->caption_wrap = $caption_wrap; + } + /* Set the size for this option. */ function setSize($size) { $this->size = $size; @@ -925,6 +932,11 @@ (isset($optset['htmlencoded']) ? $optset['htmlencoded'] : false) ); + /* If provided, set if the caption is allowed to wrap for this option. */ + if (isset($optset['caption_wrap'])) { + $next_option->setCaptionWrap($optset['caption_wrap']); + } + /* If provided, set the size for this option. */ if (isset($optset['size'])) { $next_option->setSize($optset['size']); @@ -1016,7 +1028,7 @@ . $option->caption . '</label>'; echo html_tag( 'tr', "\n". - html_tag( 'td', $option->caption . (!empty($option->caption) ? ':' : ''), 'right' ,'', 'valign="middle"' ) . + html_tag( 'td', $option->caption . (!empty($option->caption) ? ':' : ''), 'right' ,'', 'valign="middle"' . ($option->caption_wrap ? '' : ' style="white-space:nowrap"') ) . html_tag( 'td', $option->createHTMLWidget(), 'left' ) ) ."\n"; } else { This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <pdo...@us...> - 2008-10-07 09:42:02
|
Revision: 13298 http://squirrelmail.svn.sourceforge.net/squirrelmail/?rev=13298&view=rev Author: pdontthink Date: 2008-10-07 09:39:20 +0000 (Tue, 07 Oct 2008) Log Message: ----------- addrsrch_fullname needs to default to one of its allowable values Modified Paths: -------------- branches/SM-1_4-STABLE/squirrelmail/functions/addressbook.php branches/SM-1_4-STABLE/squirrelmail/include/load_prefs.php Modified: branches/SM-1_4-STABLE/squirrelmail/functions/addressbook.php =================================================================== --- branches/SM-1_4-STABLE/squirrelmail/functions/addressbook.php 2008-10-07 08:56:21 UTC (rev 13297) +++ branches/SM-1_4-STABLE/squirrelmail/functions/addressbook.php 2008-10-07 09:39:20 UTC (rev 13298) @@ -351,7 +351,7 @@ function full_address($row) { global $data_dir, $username; - $addrsrch_fullname = getPref($data_dir, $username, 'addrsrch_fullname'); + $addrsrch_fullname = getPref($data_dir, $username, 'addrsrch_fullname', 'fullname'); if ($addrsrch_fullname == 'fullname') return $row['name'] . ' <' . trim($row['email']) . '>'; else if ($addrsrch_fullname == 'nickname') Modified: branches/SM-1_4-STABLE/squirrelmail/include/load_prefs.php =================================================================== --- branches/SM-1_4-STABLE/squirrelmail/include/load_prefs.php 2008-10-07 08:56:21 UTC (rev 13297) +++ branches/SM-1_4-STABLE/squirrelmail/include/load_prefs.php 2008-10-07 09:39:20 UTC (rev 13298) @@ -222,7 +222,7 @@ getPref($data_dir, $username, 'show_html_default', SMPREF_OFF); $addrsrch_fullname = - getPref($data_dir, $username, 'addrsrch_fullname', SMPREF_OFF); + getPref($data_dir, $username, 'addrsrch_fullname', 'fullname'); $enable_forward_as_attachment = getPref($data_dir, $username, 'enable_forward_as_attachment', SMPREF_ON); This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <pdo...@us...> - 2008-10-15 20:19:14
|
Revision: 13307 http://squirrelmail.svn.sourceforge.net/squirrelmail/?rev=13307&view=rev Author: pdontthink Date: 2008-10-15 20:19:08 +0000 (Wed, 15 Oct 2008) Log Message: ----------- Fix alternate identities matching on reply Modified Paths: -------------- branches/SM-1_4-STABLE/squirrelmail/ChangeLog branches/SM-1_4-STABLE/squirrelmail/src/compose.php Modified: branches/SM-1_4-STABLE/squirrelmail/ChangeLog =================================================================== --- branches/SM-1_4-STABLE/squirrelmail/ChangeLog 2008-10-15 20:18:01 UTC (rev 13306) +++ branches/SM-1_4-STABLE/squirrelmail/ChangeLog 2008-10-15 20:19:08 UTC (rev 13307) @@ -6,6 +6,7 @@ -------------------- - Allow control over white space wrapping of auto-generated SquirrelMail option widgets. + - Fix matching of alternate identities when replying. Version 1.4.16 - 28 September 2008 ---------------------------------- Modified: branches/SM-1_4-STABLE/squirrelmail/src/compose.php =================================================================== --- branches/SM-1_4-STABLE/squirrelmail/src/compose.php 2008-10-15 20:18:01 UTC (rev 13306) +++ branches/SM-1_4-STABLE/squirrelmail/src/compose.php 2008-10-15 20:19:08 UTC (rev 13307) @@ -763,7 +763,8 @@ $enc_from_name = '"'.$data['full_name'].'" <'. $data['email_address'].'>'; if(strtolower($enc_from_name) == strtolower($orig_from)) { $identity = $nr; - break; + // don't stop! need to build $identities array for idents match below + //break; } $identities[] = $enc_from_name; } This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <pdo...@us...> - 2008-11-26 02:54:16
|
Revision: 13335 http://squirrelmail.svn.sourceforge.net/squirrelmail/?rev=13335&view=rev Author: pdontthink Date: 2008-11-26 02:54:09 +0000 (Wed, 26 Nov 2008) Log Message: ----------- Fix HTTPS detection under Windows IIS (#2318118) Modified Paths: -------------- branches/SM-1_4-STABLE/squirrelmail/ChangeLog branches/SM-1_4-STABLE/squirrelmail/functions/global.php branches/SM-1_4-STABLE/squirrelmail/functions/strings.php Modified: branches/SM-1_4-STABLE/squirrelmail/ChangeLog =================================================================== --- branches/SM-1_4-STABLE/squirrelmail/ChangeLog 2008-11-25 11:33:00 UTC (rev 13334) +++ branches/SM-1_4-STABLE/squirrelmail/ChangeLog 2008-11-26 02:54:09 UTC (rev 13335) @@ -7,6 +7,9 @@ - Allow control over white space wrapping of auto-generated SquirrelMail option widgets. - Fix matching of alternate identities when replying. + - Fix HTTPS detection under Windows IIS that was incorrectly + setting cookies to be transmitted only over a secure + connections when none existed (#2318118). Version 1.4.16 - 28 September 2008 ---------------------------------- Modified: branches/SM-1_4-STABLE/squirrelmail/functions/global.php =================================================================== --- branches/SM-1_4-STABLE/squirrelmail/functions/global.php 2008-11-25 11:33:00 UTC (rev 13334) +++ branches/SM-1_4-STABLE/squirrelmail/functions/global.php 2008-11-26 02:54:09 UTC (rev 13335) @@ -83,6 +83,11 @@ require_once(SM_PATH . 'functions/strings.php'); require_once(SM_PATH . 'config/config.php'); +/** + * Detect SSL connections + */ +$is_secure_connection = is_ssl_secured_connection(); + /** set the name of the session cookie */ if(isset($session_name) && $session_name) { ini_set('session.name' , $session_name); @@ -425,9 +430,9 @@ $bSecure=false, $bHttpOnly=true, $bReplace=false) { // if we have a secure connection then limit the cookies to https only. - if ($sName && isset($_SERVER['HTTPS']) && $_SERVER['HTTPS']) { + global $is_secure_connection; + if ($sName && $is_secure_connection) $bSecure = true; - } // admin config can override the restriction of secure-only cookies // @@ -466,3 +471,52 @@ } } +/** + * Detect whether or not we have a SSL secured (HTTPS) + * connection to the browser + * + * It is thought to be so if you have 'SSLOptions +StdEnvVars' + * in your Apache configuration, + * OR if you have HTTPS set to a non-empty value (except "off") + * in your HTTP_SERVER_VARS, + * OR if you have HTTP_X_FORWARDED_PROTO=https in your HTTP_SERVER_VARS, + * OR if you are on port 443. + * + * Note: HTTP_X_FORWARDED_PROTO could be sent from the client and + * therefore possibly spoofed/hackable - for now, the + * administrator can tell SM to ignore this value by setting + * $sq_ignore_http_x_forwarded_headers to boolean TRUE in + * config/config_local.php, but in the future we may + * want to default this to TRUE and make administrators + * who use proxy systems turn it off (see 1.5.2+). + * + * Note: It is possible to run SSL on a port other than 443, and + * if that is the case, the administrator should set + * $sq_https_port to the applicable port number in + * config/config_local.php + * + * @return boolean TRUE if the current connection is SSL-encrypted; + * FALSE otherwise. + * + * @since 1.4.17 and 1.5.2 + * + */ +function is_ssl_secured_connection() +{ + global $sq_ignore_http_x_forwarded_headers, $sq_https_port; + $https_env_var = getenv('HTTPS'); + if ($sq_ignore_http_x_forwarded_headers + || !sqgetGlobalVar('HTTP_X_FORWARDED_PROTO', $forwarded_proto, SQ_SERVER)) + $forwarded_proto = ''; + if (empty($sq_https_port)) // won't work with port 0 (zero) + $sq_https_port = 443; + if ((isset($https_env_var) && strcasecmp($https_env_var, 'on') === 0) + || (sqgetGlobalVar('HTTPS', $https, SQ_SERVER) && !empty($https) + && strcasecmp($https, 'off') !== 0) + || (strcasecmp($forwarded_proto, 'https') === 0) + || (sqgetGlobalVar('SERVER_PORT', $server_port, SQ_SERVER) + && $server_port == $sq_https_port)) + return TRUE; + return FALSE; +} + Modified: branches/SM-1_4-STABLE/squirrelmail/functions/strings.php =================================================================== --- branches/SM-1_4-STABLE/squirrelmail/functions/strings.php 2008-11-25 11:33:00 UTC (rev 13334) +++ branches/SM-1_4-STABLE/squirrelmail/functions/strings.php 2008-11-26 02:54:09 UTC (rev 13335) @@ -275,7 +275,8 @@ */ function get_location () { - global $imap_server_type, $config_location_base; + global $imap_server_type, $config_location_base, + $is_secure_connection, $sq_ignore_http_x_forwarded_headers; /* Get the path, handle virtual directories */ if(strpos(php_self(), '?')) { @@ -299,25 +300,13 @@ /* Check if this is a HTTPS or regular HTTP request. */ $proto = 'http://'; - - /* - * If you have 'SSLOptions +StdEnvVars' in your apache config - * OR if you have HTTPS=on in your HTTP_SERVER_VARS - * OR if you have HTTP_X_FORWARDED_PROTO=https in your HTTP_SERVER_VARS - * OR if you are on port 443 - */ - $getEnvVar = getenv('HTTPS'); - if (!sqgetGlobalVar('HTTP_X_FORWARDED_PROTO', $forwarded_proto, SQ_SERVER)) - $forwarded_proto = ''; - if ((isset($getEnvVar) && strcasecmp($getEnvVar, 'on') === 0) || - (sqgetGlobalVar('HTTPS', $https_on, SQ_SERVER) && strcasecmp($https_on, 'on') === 0) || - (strcasecmp($forwarded_proto, 'https') === 0) || - (sqgetGlobalVar('SERVER_PORT', $server_port, SQ_SERVER) && $server_port == 443)) { + if ($is_secure_connection) $proto = 'https://'; - } /* Get the hostname from the Host header or server config. */ - if ( !sqgetGlobalVar('HTTP_X_FORWARDED_HOST', $host, SQ_SERVER) || empty($host) ) { + if ($sq_ignore_http_x_forwarded_headers + || !sqgetGlobalVar('HTTP_X_FORWARDED_HOST', $host, SQ_SERVER) + || empty($host)) { if ( !sqgetGlobalVar('HTTP_HOST', $host, SQ_SERVER) || empty($host) ) { if ( !sqgetGlobalVar('SERVER_NAME', $host, SQ_SERVER) || empty($host) ) { $host = ''; This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <pdo...@us...> - 2008-12-04 04:23:36
|
Revision: 13340 http://squirrelmail.svn.sourceforge.net/squirrelmail/?rev=13340&view=rev Author: pdontthink Date: 2008-12-04 04:23:33 +0000 (Thu, 04 Dec 2008) Log Message: ----------- Preparing for 1.4.17 release Modified Paths: -------------- branches/SM-1_4-STABLE/squirrelmail/ChangeLog branches/SM-1_4-STABLE/squirrelmail/ReleaseNotes branches/SM-1_4-STABLE/squirrelmail/functions/strings.php Modified: branches/SM-1_4-STABLE/squirrelmail/ChangeLog =================================================================== --- branches/SM-1_4-STABLE/squirrelmail/ChangeLog 2008-12-04 04:20:40 UTC (rev 13339) +++ branches/SM-1_4-STABLE/squirrelmail/ChangeLog 2008-12-04 04:23:33 UTC (rev 13340) @@ -2,14 +2,17 @@ *** SquirrelMail Stable Series 1.4 *** ************************************** -Version 1.4.17 - SVN --------------------- +Version 1.4.17 - 03 December 2008 +--------------------------------- - Allow control over white space wrapping of auto-generated SquirrelMail option widgets. - Fix matching of alternate identities when replying. - Fix HTTPS detection under Windows IIS that was incorrectly setting cookies to be transmitted only over a secure connections when none existed (#2318118). + - Security: Fix XSS exploit in hyperlinks when rendering + messages. Thanks to Secunia Research for reporting this + issue and for their patience. [CVE-2008-2379] Version 1.4.16 - 28 September 2008 ---------------------------------- Modified: branches/SM-1_4-STABLE/squirrelmail/ReleaseNotes =================================================================== --- branches/SM-1_4-STABLE/squirrelmail/ReleaseNotes 2008-12-04 04:20:40 UTC (rev 13339) +++ branches/SM-1_4-STABLE/squirrelmail/ReleaseNotes 2008-12-04 04:23:33 UTC (rev 13340) @@ -1,7 +1,7 @@ /***************************************************************** - * Release Notes: SquirrelMail 1.4.16 * - * The "Taming the Cookie Monster" Release * - * 28 September 2008 * + * Release Notes: SquirrelMail 1.4.17 * + * The "Backbone" Release * + * 03 December 2008 * *****************************************************************/ In this edition of SquirrelMail Release Notes: @@ -9,49 +9,40 @@ * Locales / Translations / Charsets * Security issues * Major updates - * A note on plugins * Reporting my favorite SquirrelMail 1.4 bug All about this release ====================== -This release addresses a security problem in SquirrelMail, aswell -as your regular collection of bug fixes and some improvements mainly -targeted at plugins. +This release addresses a security problem in SquirrelMail, as well +as a couple small bug fixes/improvements. Notable changes: * Security fix, see below. - * Latvian was added as a new language. - * The abook_take plugin was removed. + * Cookies no longer sent as HTTPS-only under IIS unless the + connection really is secure. + * Alternate identities are correctly matched when replying + to mesages. Security issue ============== -An issue was fixed that allowed the cookies of a session started -over SSL (https) to be transmitted over HTTP aswell. This affects -installations that offer SquirrelMail both over HTTP and HTTPS. -This is known as setting the "secure" flag of the cookie. +An issue was fixed that allowed an attacker to send specially- +crafted hyperlinks in a message that could execute cross-site +scripting (XSS) when the user viewed the message in SquirrelMail. -An override option has been added that can be used when you have -a need to continue a session over HTTP that has been started over -HTTPS, although we do not recommend that. +We would like to thank Secunia Research for reporting this issue +to us. It is tracked as CVE-2008-2379. -We would like to thank Hanno Boeck for reporting this issue to us. -It is tracked as CVE-2008-3663. -As an additional fortification, SquirrelMail now sets the HttpOnly -flag to counter possible future cross site scripting attacks in -some browsers (Internet Explorer 6+, Firefox 2.0.0.5+). - - Locales / Translations / Charsets ================================= Since the release of 1.4.4, the the translations for SquirrelMail are no longer part of the main package but have to be downloaded separately; either in one large file or an individual language. You can find these -packages through our homepage. They also contain instructions on how +packages through our web site. They also contain instructions on how to install. That release also introduced a backport of the new Character set @@ -59,7 +50,6 @@ number of supported character sets and decoding performance. - Major updates in 1.4 ==================== @@ -76,50 +66,50 @@ * Lots of bugfixes, some new features and a couple of UI-tweaks. -A note on plugins -================= - -There have been major plugin architecture improvements since 1.2.x. Lots -of plugins have not yet been adapted to this. Plugins which are -distributed with this release (eg. in the same .tar.gz file) should work. -Plugin authors will need some time to adapt their plugins, so quite a few -plugins that did work with 1.2.x might not work with 1.4.x. - -So if you have ANY problem at all, first try turning off all plugins. -If one plugin seems to be the culprit, contact the author to see if -a 1.4.x version is underway. - -Plugins that worked with previous 1.4.x versions should continue to work -without changes with this version. - - Reporting my favorite SquirrelMail 1.4 bug ========================================== We constantly aim to make SquirrelMail even better. So we need you to -submit any bug you come across! Also, please mention that the bug is -in this release, and list your IMAP server and webserver details. +submit any bug you come across! However, before you do so, please have +a look at our various support resources to make sure the issue isn't +already known or solved: + http://squirrelmail.org/docs/admin/admin-10.html + http://squirrelmail.org/docs/admin/admin-12.html + http://squirrelmail.org/wiki/KnownBugs + http://squirrelmail.org/wiki/SolvingProblems + +You should also search existing tracker items for your issue (remember +to check for CLOSED and PENDING items as well as OPEN ones) - if you +find such an (open) item, please do add any more details you have to +it to help us fix and close the bug report. + +When reporting a new bug, please mention what SquirrelMail release(s) +it pertains to, and list as many details about your system as possible, +including your IMAP server and web server details. + http://www.squirrelmail.org/bugs -Thanks for your cooperation with this. That helps us to make -sure nothing slips through the cracks. Also, it would help if -people would check existing tracker items for a bug before reporting -it again. This would help to eliminate duplicate reports, and -increase the time we can spend CODING by DECREASING the time we -spend sorting through bug reports. And remember, check not only OPEN -bug reports, but also closed ones as a bug that you report MAY have -been fixed in our source code repository already. +Thanks for your cooperation! This helps us to make sure nothing slips +through the cracks. Any questions about installing or using SquirrelMail can be directed to our user support list: - squ...@li... + squ...@li... -If you want to join us in coding SquirrelMail, or have other -things to share with the developers, join the development mailinglist: +When posting support requests there, please carefully follow our posting +guidelines: + http://squirrelmail.org/postingguidelines + +If you want to join us in coding SquirrelMail, or have other things to +share with the developers, join the development mailinglist: + squ...@li... + Happy SquirrelMailing! + - The SquirrelMail Project Team + Modified: branches/SM-1_4-STABLE/squirrelmail/functions/strings.php =================================================================== --- branches/SM-1_4-STABLE/squirrelmail/functions/strings.php 2008-12-04 04:20:40 UTC (rev 13339) +++ branches/SM-1_4-STABLE/squirrelmail/functions/strings.php 2008-12-04 04:23:33 UTC (rev 13340) @@ -16,7 +16,7 @@ * SquirrelMail version number -- DO NOT CHANGE */ global $version; -$version = '1.4.17 [SVN]'; +$version = '1.4.17'; /** * SquirrelMail internal version number -- DO NOT CHANGE This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <pdo...@us...> - 2008-12-04 04:51:44
|
Revision: 13342 http://squirrelmail.svn.sourceforge.net/squirrelmail/?rev=13342&view=rev Author: pdontthink Date: 2008-12-04 04:51:40 +0000 (Thu, 04 Dec 2008) Log Message: ----------- Defrosting; code is now ready for continued development on 1.4.18 Modified Paths: -------------- branches/SM-1_4-STABLE/squirrelmail/ChangeLog branches/SM-1_4-STABLE/squirrelmail/functions/strings.php Added Paths: ----------- branches/SM-1_4-STABLE/squirrelmail/doc/ReleaseNotes/1.4/Notes-1.4.17.txt Modified: branches/SM-1_4-STABLE/squirrelmail/ChangeLog =================================================================== --- branches/SM-1_4-STABLE/squirrelmail/ChangeLog 2008-12-04 04:24:58 UTC (rev 13341) +++ branches/SM-1_4-STABLE/squirrelmail/ChangeLog 2008-12-04 04:51:40 UTC (rev 13342) @@ -2,6 +2,9 @@ *** SquirrelMail Stable Series 1.4 *** ************************************** +Version 1.4.18 - SVN +-------------------- + Version 1.4.17 - 03 December 2008 --------------------------------- - Allow control over white space wrapping of auto-generated Copied: branches/SM-1_4-STABLE/squirrelmail/doc/ReleaseNotes/1.4/Notes-1.4.17.txt (from rev 13340, branches/SM-1_4-STABLE/squirrelmail/ReleaseNotes) =================================================================== --- branches/SM-1_4-STABLE/squirrelmail/doc/ReleaseNotes/1.4/Notes-1.4.17.txt (rev 0) +++ branches/SM-1_4-STABLE/squirrelmail/doc/ReleaseNotes/1.4/Notes-1.4.17.txt 2008-12-04 04:51:40 UTC (rev 13342) @@ -0,0 +1,115 @@ +/***************************************************************** + * Release Notes: SquirrelMail 1.4.17 * + * The "Backbone" Release * + * 03 December 2008 * + *****************************************************************/ + +In this edition of SquirrelMail Release Notes: + * All about this Release! + * Locales / Translations / Charsets + * Security issues + * Major updates + * Reporting my favorite SquirrelMail 1.4 bug + + +All about this release +====================== + +This release addresses a security problem in SquirrelMail, as well +as a couple small bug fixes/improvements. + +Notable changes: + * Security fix, see below. + * Cookies no longer sent as HTTPS-only under IIS unless the + connection really is secure. + * Alternate identities are correctly matched when replying + to mesages. + +Security issue +============== + +An issue was fixed that allowed an attacker to send specially- +crafted hyperlinks in a message that could execute cross-site +scripting (XSS) when the user viewed the message in SquirrelMail. + +We would like to thank Secunia Research for reporting this issue +to us. It is tracked as CVE-2008-2379. + + +Locales / Translations / Charsets +================================= + +Since the release of 1.4.4, the the translations for SquirrelMail are +no longer part of the main package but have to be downloaded separately; +either in one large file or an individual language. You can find these +packages through our web site. They also contain instructions on how +to install. + +That release also introduced a backport of the new Character set +decoding functions from the development branch, vastly increasing the +number of supported character sets and decoding performance. + + +Major updates in 1.4 +==================== + +The 1.4.x series (as a result of 1.3 developent series) brings: + +* A complete rewrite of the way we send mail (Deliver-class), + and of the way we parse mail (MIME-bodystructure parsing). + This makes SquirrelMail more reliable and more efficient + at the same time! +* Support for IMAP UID which makes SquirrelMail more reliable. +* Optimizations to code and the number of IMAP calls; SquirrelMail + is now a very scalable webmail solution. +* Support for a wider range of authentication mechanisms. +* Lots of bugfixes, some new features and a couple of UI-tweaks. + + +Reporting my favorite SquirrelMail 1.4 bug +========================================== + +We constantly aim to make SquirrelMail even better. So we need you to +submit any bug you come across! However, before you do so, please have +a look at our various support resources to make sure the issue isn't +already known or solved: + + http://squirrelmail.org/docs/admin/admin-10.html + http://squirrelmail.org/docs/admin/admin-12.html + http://squirrelmail.org/wiki/KnownBugs + http://squirrelmail.org/wiki/SolvingProblems + +You should also search existing tracker items for your issue (remember +to check for CLOSED and PENDING items as well as OPEN ones) - if you +find such an (open) item, please do add any more details you have to +it to help us fix and close the bug report. + +When reporting a new bug, please mention what SquirrelMail release(s) +it pertains to, and list as many details about your system as possible, +including your IMAP server and web server details. + + http://www.squirrelmail.org/bugs + +Thanks for your cooperation! This helps us to make sure nothing slips +through the cracks. + +Any questions about installing or using SquirrelMail can be directed +to our user support list: + + squ...@li... + +When posting support requests there, please carefully follow our posting +guidelines: + + http://squirrelmail.org/postingguidelines + +If you want to join us in coding SquirrelMail, or have other things to +share with the developers, join the development mailinglist: + + squ...@li... + + + Happy SquirrelMailing! + + - The SquirrelMail Project Team + Modified: branches/SM-1_4-STABLE/squirrelmail/functions/strings.php =================================================================== --- branches/SM-1_4-STABLE/squirrelmail/functions/strings.php 2008-12-04 04:24:58 UTC (rev 13341) +++ branches/SM-1_4-STABLE/squirrelmail/functions/strings.php 2008-12-04 04:51:40 UTC (rev 13342) @@ -16,14 +16,14 @@ * SquirrelMail version number -- DO NOT CHANGE */ global $version; -$version = '1.4.17'; +$version = '1.4.18 [SVN]'; /** * SquirrelMail internal version number -- DO NOT CHANGE * $sm_internal_version = array (release, major, minor) */ global $SQM_INTERNAL_VERSION; -$SQM_INTERNAL_VERSION = array(1,4,17); +$SQM_INTERNAL_VERSION = array(1,4,18); /** * There can be a circular issue with includes, where the $version string is This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <pdo...@us...> - 2008-12-19 08:39:19
|
Revision: 13378 http://squirrelmail.svn.sourceforge.net/squirrelmail/?rev=13378&view=rev Author: pdontthink Date: 2008-12-19 08:39:12 +0000 (Fri, 19 Dec 2008) Log Message: ----------- Add password option widget Modified Paths: -------------- branches/SM-1_4-STABLE/squirrelmail/ChangeLog branches/SM-1_4-STABLE/squirrelmail/functions/options.php Modified: branches/SM-1_4-STABLE/squirrelmail/ChangeLog =================================================================== --- branches/SM-1_4-STABLE/squirrelmail/ChangeLog 2008-12-19 08:37:39 UTC (rev 13377) +++ branches/SM-1_4-STABLE/squirrelmail/ChangeLog 2008-12-19 08:39:12 UTC (rev 13378) @@ -7,6 +7,7 @@ - Fix port detection in automatic base URL detection scheme (get_location()) (#2388423) - Add informational type option widget + - Add password type option widget Version 1.4.17 - 03 December 2008 --------------------------------- Modified: branches/SM-1_4-STABLE/squirrelmail/functions/options.php =================================================================== --- branches/SM-1_4-STABLE/squirrelmail/functions/options.php 2008-12-19 08:37:39 UTC (rev 13377) +++ branches/SM-1_4-STABLE/squirrelmail/functions/options.php 2008-12-19 08:39:12 UTC (rev 13378) @@ -34,6 +34,7 @@ define('SMOPT_TYPE_STRLIST_RADIO', 14); define('SMOPT_TYPE_SUBMIT', 15); define('SMOPT_TYPE_INFO', 16); +define('SMOPT_TYPE_PASSWORD', 17); /* Define constants for the layout scheme for edit lists. */ define('SMOPT_EDIT_LIST_LAYOUT_LIST', 0); @@ -234,6 +235,9 @@ case SMOPT_TYPE_STRING: $result = $this->createWidget_String(); break; + case SMOPT_TYPE_PASSWORD: + $result = $this->createWidget_String(TRUE); + break; case SMOPT_TYPE_STRLIST: $result = $this->createWidget_StrList(); break; @@ -305,7 +309,17 @@ return $result; } - function createWidget_String() { + /** + * Create text box + * + * @param boolean $password When TRUE, the text in the input + * widget will be obscured (OPTIONAL; + * default = FALSE). + * + * @return string html formated text input + * + */ + function createWidget_String($password=FALSE) { switch ($this->size) { case SMOPT_SIZE_TINY: $width = 5; @@ -324,7 +338,9 @@ $width = 25; } - $result = "<input type=\"text\" name=\"new_$this->name\" value=\"" + $result = "<input type=\"" + . ($password ? 'password' : 'text') + . "\" name=\"new_$this->name\" value=\"" . htmlspecialchars($this->value) . "\" size=\"$width\" $this->script /> " . htmlspecialchars($this->trailing_text) . "\n"; This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <jan...@us...> - 2009-01-03 23:48:10
|
Revision: 13388 http://squirrelmail.svn.sourceforge.net/squirrelmail/?rev=13388&view=rev Author: jangliss Date: 2009-01-03 23:48:07 +0000 (Sat, 03 Jan 2009) Log Message: ----------- - Fix for (spam) filters plugin scanning only the first message returned - Backported fetch handling code from dev for upcoming code optimizations - Removed some uses of code marked as "obsolete" from core code, and core plugins - Altered sqimap_msgs_lists_copy to actually COPY, and not MOVE - Created _move function. Modified Paths: -------------- branches/SM-1_4-STABLE/squirrelmail/ChangeLog branches/SM-1_4-STABLE/squirrelmail/functions/imap_messages.php branches/SM-1_4-STABLE/squirrelmail/functions/tree.php branches/SM-1_4-STABLE/squirrelmail/plugins/delete_move_next/setup.php branches/SM-1_4-STABLE/squirrelmail/plugins/filters/filters.php branches/SM-1_4-STABLE/squirrelmail/plugins/spamcop/setup.php branches/SM-1_4-STABLE/squirrelmail/src/delete_message.php branches/SM-1_4-STABLE/squirrelmail/src/move_messages.php Modified: branches/SM-1_4-STABLE/squirrelmail/ChangeLog =================================================================== --- branches/SM-1_4-STABLE/squirrelmail/ChangeLog 2009-01-03 00:14:42 UTC (rev 13387) +++ branches/SM-1_4-STABLE/squirrelmail/ChangeLog 2009-01-03 23:48:07 UTC (rev 13388) @@ -8,6 +8,19 @@ (get_location()) (#2388423) - Add informational type option widget - Add password type option widget + - Fix filters plugin to allow spam filters to scan multiple + messages, rather than the first message returned (#1634735). + - Removed code from spam filters plugin to stop if falling back + to searching all messages when there was no new messages. + - Altered filters plugin to issue single move/delete statement + for multiple messages. + - Updated some core code, and several plugins, to not use code + marked as obsolete. + - Corrected sqimap_msgs_list_copy to actually copy messages, + rather than move. + - Created new sqimap_msgs_list_copy to move messages. + - Migrated some fetch handling code from dev branch in plans to + update some core functionality to allow reusability of code. Version 1.4.17 - 03 December 2008 --------------------------------- Modified: branches/SM-1_4-STABLE/squirrelmail/functions/imap_messages.php =================================================================== --- branches/SM-1_4-STABLE/squirrelmail/functions/imap_messages.php 2009-01-03 00:14:42 UTC (rev 13387) +++ branches/SM-1_4-STABLE/squirrelmail/functions/imap_messages.php 2009-01-03 23:48:07 UTC (rev 13388) @@ -15,21 +15,49 @@ /** - * Moves a set of messages ($id) to another mailbox ($mailbox) - * WARNING: function name does not match performed operation. - * Function performs message copy and flags existing messages - * as deleted + * Copies a set of messages ($id) to another mailbox ($mailbox) + * + * @param int $imap_stream The resource ID for the IMAP socket + * @param mixed $id A string or array of messages to copy + * @param string $mailbox The mailbox to copy messages to + * @return bool Returns true on successful copy, false on failure */ function sqimap_msgs_list_copy($imap_stream, $id, $mailbox) { global $uid_support; $msgs_id = sqimap_message_list_squisher($id); $read = sqimap_run_command ($imap_stream, "COPY $msgs_id \"$mailbox\"", true, $response, $message, $uid_support); - $read = sqimap_run_command ($imap_stream, "STORE $msgs_id +FLAGS (\\Deleted)", true, $response, $message, $uid_support); + + if ($response == 'OK') { + return true; + } else { + return false; + } } /** + * Moves a set of messages ($id) to another mailbox ($mailbox) + * + * @param int $imap_stream The resource ID for the IMAP socket + * @param mixed $id A string or array of messages to copy + * @param string $mailbox The destination mailbox + * @param bool $handle_errors Show error messages in case of a NO, BAD, or BYE response + * @return bool If move completed without error. + */ +function sqimap_msgs_list_move($imap_stream, $id, $mailbox, $handle_errors = true) { + if (sqimap_msgs_list_copy ($imap_stream, $id, $mailbox, $handle_errors)) { + return sqimap_toggle_flag($imap_stream, $id, '\\Deleted', true, true); + } else { + return false; + } +} + +/** * Deletes a message and move it to trash or expunge the mailbox + * + * @param int $imap_stream The resource ID for the IMAP socket + * @param string $mailbox The mailbox to delete messages from + * @param mixed $id A string or array of messages to delete */ function sqimap_msgs_list_delete($imap_stream, $mailbox, $id) { global $move_to_trash, $trash_folder, $uid_support; @@ -479,7 +507,174 @@ } } + /** + * Parses a fetch response + * + * @param array $aResponse IMAP Response + * @param array $aMessageList Placeholder array for results. The keys of the + * placeholder array should be the UID so we can reconstruct the order. + * @return array $aMessageList Associative array with messages. + */ +function parseFetch(&$aResponse, $aMessageList = array()) { + for($j=0, $iCnt = count($aResponse);$j<$iCnt; ++$j) { + $aMsg = array(); + + $read = implode('', $aResponse[$j]); + // Clear up some memory + unset($aResponse[$j]); + + /* + *<space>#id<space>FETCH<space>(.... + */ + + $i_space = strpos($read,' ', 2); + $id = substr($read, 2, $i_space - 2); + $aMsg['ID'] = $id; + $fetch = substr($read, $i_space+1,5); + + if (!is_numeric($id) && $fetch !== 'FETCH') { + $aMsg['ERROR'] = $read; + break; + } + + $i = strpos($read, '(', $i_space+5); + $read = substr($read, $i+1); + $i_len = strlen($read); + $i = 0; + + while($i < $i_len && $i !== false) { + $read = trim(substr($read, $i)); + $i_len = strlen($read); + $i = strpos($read, ' '); + $arg = substr($read,0,$i); + ++$i; + + switch($arg) { + case 'UID': + $i_pos = strpos($read,' ',$i); + if (!$i_pos) { + $i_pos = strpos($read, ')', $i); + } + if ($i_pos) { + $unique_id = substr($read, $i, $i_pos-$i); + $i = $i_pos + 1; + } else { + break 3; + } + break; + case 'FLAGS': + $flags = parseArray($read, $i); + if (!$flags) break 3; + $aFlags = array(); + foreach($flags as $flag) { + $flag = strtolower($flag); + $aFlags[$flag] = true; + } + $aMsg['FLAGS'] = $aFlags; + break; + case 'RFC822.SIZE': + $i_pos = strpos($read, ' ', $i); + if (!$i_pos) { + $i_pos = strpos($read, ')', $i); + } + if ($i_pos) { + $aMsg['SIZE'] = substr($read,$i,$i_pos-$i); + $i = $i_pos + 1; + } else { + break 3; + } + break; + case 'ENVELOPE': + // sqimap_parse_address($read,$i,$aMsg); + break; // to be implemented, moving imap code out of the Message class + case 'BODYSTRUCTURE': + break; // to be implemented, moving imap code out of the Message class + case 'INTERNALDATE': + $aMsg['INTERNALDATE'] = trim(str_replace(' ', ' ',parseString($read,$i))); + break; + case 'BODY.PEEK[HEADER.FIELDS': + case 'BODY[HEADER.FIELDS': + $i = strpos($read,'{',$i); // header is always returned as literal because it contain \n characters + $header = parseString($read,$i); + if ($header === false) break 2; + /* First we replace all \r\n by \n, and unfold the header */ + $hdr = trim(str_replace(array("\r\n", "\n\t", "\n "),array("\n", ' ', ' '), $header)); + /* Now we can make a new header array with + each element representing a headerline */ + $aHdr = explode("\n" , $hdr); + $aReceived = array(); + foreach ($aHdr as $line) { + $pos = strpos($line, ':'); + if ($pos > 0) { + $field = strtolower(substr($line, 0, $pos)); + if (!strstr($field,' ')) { /* valid field */ + $value = trim(substr($line, $pos+1)); + switch($field) { + case 'date': + $aMsg['date'] = trim(str_replace(' ', ' ', $value)); + break; + case 'x-priority': $aMsg['x-priority'] = ($value) ? (int) $value{0} : 3; break; + case 'priority': + case 'importance': + // duplicate code with Rfc822Header.cls:parsePriority() + if (!isset($aMsg['x-priority'])) { + $aPrio = preg_split('/\s/',trim($value)); + $sPrio = strtolower(array_shift($aPrio)); + if (is_numeric($sPrio)) { + $iPrio = (int) $sPrio; + } elseif ( $sPrio == 'non-urgent' || $sPrio == 'low' ) { + $iPrio = 5; + } elseif ( $sPrio == 'urgent' || $sPrio == 'high' ) { + $iPrio = 1; + } else { + // default is normal priority + $iPrio = 3; + } + $aMsg['x-priority'] = $iPrio; + } + break; + case 'content-type': + $type = $value; + if ($pos = strpos($type, ";")) { + $type = substr($type, 0, $pos); + } + $type = explode("/", $type); + if(!is_array($type) || count($type) < 2) { + $aMsg['content-type'] = array('text','plain'); + } else { + $aMsg['content-type'] = array(strtolower($type[0]),strtolower($type[1])); + } + break; + case 'received': + $aMsg['received'][] = $value; + break; + default: + $aMsg[$field] = $value; + break; + } + } + } + } + break; + default: + ++$i; + break; + } + } + if (!empty($unique_id)) { + $msgi = "$unique_id"; + $aMsg['UID'] = $unique_id; + } else { + $msgi = ''; + } + $aMessageList[$msgi] = $aMsg; + $aResponse[$j] = NULL; + } + return $aMessageList; +} + +/** * Normalise the different Priority headers into a uniform value, * namely that of the X-Priority header (1, 3, 5). Supports: * Prioirty, X-Priority, Importance. Modified: branches/SM-1_4-STABLE/squirrelmail/functions/tree.php =================================================================== --- branches/SM-1_4-STABLE/squirrelmail/functions/tree.php 2009-01-03 00:14:42 UTC (rev 13387) +++ branches/SM-1_4-STABLE/squirrelmail/functions/tree.php 2009-01-03 23:48:07 UTC (rev 13388) @@ -145,7 +145,7 @@ $mbx_response = sqimap_mailbox_select($imap_stream, $tree[$index]['value']); $messageCount = $mbx_response['EXISTS']; if ($messageCount > 0) { - sqimap_messages_copy($imap_stream, 1, '*', $trash_folder . $delimiter . $subFolderName); + sqimap_msgs_list_copy($imap_stream, '1:*', $trash_folder . $delimiter . $subFolderName); } // after copy close the mailbox to get in unselected state sqimap_run_command($imap_stream,'CLOSE',false,$response,$message); @@ -156,7 +156,7 @@ $mbx_response = sqimap_mailbox_select($imap_stream, $tree[$index]['value']); $messageCount = $mbx_response['EXISTS']; if ($messageCount > 0) { - sqimap_messages_copy($imap_stream, 1, '*', $trash_folder . $delimiter . $subFolderName); + sqimap_msgs_list_copy($imap_stream, '1:*', $trash_folder . $delimiter . $subFolderName); } // after copy close the mailbox to get in unselected state sqimap_run_command($imap_stream,'CLOSE',false,$response,$message); Modified: branches/SM-1_4-STABLE/squirrelmail/plugins/delete_move_next/setup.php =================================================================== --- branches/SM-1_4-STABLE/squirrelmail/plugins/delete_move_next/setup.php 2009-01-03 00:14:42 UTC (rev 13387) +++ branches/SM-1_4-STABLE/squirrelmail/plugins/delete_move_next/setup.php 2009-01-03 23:48:07 UTC (rev 13388) @@ -278,7 +278,7 @@ sqgetGlobalVar('delete_id', $delete_id, SQ_GET); sqgetGlobalVar('mailbox', $mailbox, SQ_GET); - sqimap_messages_delete($imapConnection, $delete_id, $delete_id, $mailbox); + sqimap_msgs_list_delete($imapConnection, $mailbox, $delete_id); if ($auto_expunge) { delete_move_expunge_from_all($delete_id); // sqimap_mailbox_expunge($imapConnection, $mailbox, true); @@ -293,8 +293,7 @@ sqgetGlobalVar('targetMailbox', $targetMailbox, SQ_POST); // Move message - sqimap_messages_copy($imapConnection, $move_id, $move_id, $targetMailbox); - sqimap_messages_flag($imapConnection, $move_id, $move_id, 'Deleted', true); + sqimap_msgs_list_move($imapConnection, $move_id, $targetMailbox); if ($auto_expunge) { delete_move_expunge_from_all($move_id); // sqimap_mailbox_expunge($imapConnection, $mailbox, true); Modified: branches/SM-1_4-STABLE/squirrelmail/plugins/filters/filters.php =================================================================== --- branches/SM-1_4-STABLE/squirrelmail/plugins/filters/filters.php 2009-01-03 00:14:42 UTC (rev 13387) +++ branches/SM-1_4-STABLE/squirrelmail/plugins/filters/filters.php 2009-01-03 23:48:07 UTC (rev 13388) @@ -340,9 +340,8 @@ */ for ($j=2, $num = count($ids); $j < $num; $j++) { $id = trim($ids[$j]); - if (sqimap_messages_copy ($imap, $id, $id, $where_to, false)) { + if (sqimap_msgs_list_move($imap, $id, $where_to)) { $del_id[] = $id; - sqimap_messages_flag ($imap, $id, $id, 'Deleted', false); } } } @@ -369,119 +368,102 @@ filters_LoadCache(); } - $run = 0; + $run = false; foreach ($filters as $Key=> $Value) { if ($Value['enabled']) { - $run ++; + $run = true; + break; } } // short-circuit - if ($run == 0) { + if (!$run) { return; } sqimap_mailbox_select($imap_stream, 'INBOX'); - // Ask for a big list of all "Received" headers in the inbox with - // flags for each message. Kinda big. - if ($filters_spam_scan != 'new') { - $read = sqimap_run_command($imap_stream, 'FETCH 1:* (FLAGS BODY.PEEK[HEADER.FIELDS ' . - '(RECEIVED)])', true, $response, $message, $uid_support); - } else { + $search_array = array(); + if ($filters_spam_scan == 'new') { $read = sqimap_run_command($imap_stream, 'SEARCH UNSEEN', true, $response, $message, $uid_support); - if ($response != 'OK' || trim($read[0]) == '* SEARCH') { - $read = sqimap_run_command($imap_stream, 'FETCH 1:* (FLAGS BODY.PEEK[HEADER.FIELDS ' . - '(RECEIVED)])', true, $response, $message, $uid_support); - } else { - if (isset($read[0])) { - if (preg_match("/^\* SEARCH (.+)$/", $read[0], $regs)) { - $search_array = preg_split("/ /", trim($regs[1])); + if (isset($read[0])) { + for ($i = 0, $iCnt = count($read); $i < $iCnt; ++$i) { + if (preg_match("/^\* SEARCH (.+)$/", $read[$i], $regs)) { + $search_array = explode(' ', trim($regs[1])); + break; } } - $msgs_str = sqimap_message_list_squisher($search_array); - $imap_query = 'FETCH '.$msgs_str; - $imap_query .= ' (FLAGS BODY.PEEK[HEADER.FIELDS '; - $imap_query .= '(RECEIVED)])'; - $read = sqimap_run_command($imap_stream,$imap_query, true, $response, $message, $uid_support); } } + if ($filters_spam_scan == 'new' && count($search_array)) { + $msg_str = sqimap_message_list_squisher($search_array); + $imap_query = 'FETCH ' . $msg_str . ' (FLAGS BODY.PEEK[HEADER.FIELDS (RECEIVED)])'; + } else if ($filters_spam_scan != 'new') { + $imap_query = 'FETCH 1:* (FLAGS BODY.PEEK[HEADER.FIELDS (RECEIVED)])'; + } else { + return; + } + + $read = sqimap_run_command_list($imap_stream, $imap_query, true, $response, $message, $uid_support); + if (isset($response) && $response != 'OK') { return; } + + $messages = parseFetch($read, $search_array); + + $bulkquery = (strlen($SpamFilters_BulkQuery) > 0 ? true : false); - if (strlen($SpamFilters_BulkQuery) > 0) { - filters_bulkquery($filters_spam_scan, $filters, $read); - } - - $i = 0; - while ($i < count($read)) { - // EIMS will give funky results - $Chunks = explode(' ', $read[$i]); - if ($Chunks[0] != '*') { - $i ++; - continue; + foreach($messages as $id=>$message) { + if (isset($message['UID'])) { + $MsgNum = $message['UID']; + } else { + $MsgNum = $id; } - $MsgNum = $Chunks[1]; - - $IPs = array(); - $i ++; - $IsSpam = 0; - - // Look through all of the Received headers for IP addresses - // Stop when I get ")" on a line - // Stop if I get "*" on a line (don't advance) - // and above all, stop if $i is bigger than the total # of lines - while (($i < count($read)) && - ($read[$i][0] != ')' && $read[$i][0] != '*' && - $read[$i][0] != "\n") && (! $IsSpam)) { - // Check to see if this line is the right "Received from" line - // to check - if (is_int(strpos($read[$i], $SpamFilters_YourHop))) { - - // short-circuit and skip work if we don't scan this one - $read[$i] = ereg_replace('[^0-9\.]', ' ', $read[$i]); - $elements = explode(' ', $read[$i]); - foreach ($elements as $value) { - if ($value != '' && - ereg('[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}', - $value, $regs)) { - $Chunks = explode('.', $value); - if (filters_spam_check_site($Chunks[0], - $Chunks[1], $Chunks[2], $Chunks[3], - $filters)) { - $IsSpam ++; - break; // no sense in checking more IPs + + if (isset($message['received'])) { + foreach($message['received'] as $received) { + if (is_int(strpos($received, $SpamFilters_YourHop))) { + if (preg_match('/([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})/', $received, $matches)) { + $IsSpam = false; + if (filters_spam_check_site($matches[1], $matches[2], $matches[3], $matches[4], $filters)) { + $aSpamIds[] = $MsgNum; + $IsSpam = true; } - // If we've checked one IP and YourHop is - // just a space - if ($SpamFilters_YourHop == ' ') { - break; // don't check any more + + if ($bulkquery) { + array_shift($matches); + $IP = explode('.', $matches); + foreach($filters as $key=>$value) { + if ($filters[$key]['enabled'] && $filters[$key]['dns']) { + if (strlen($SpamFilters_DNScache[$IP . '.' . $filters[$key]['dns']]) == 0) { + $IPs[$IP] = true; + break; + } + } + } } + + if ($SpamFilters_YourHop == ' ' || $IsSpam) { + break; + } } } } - $i ++; } - - // Lookie! It's spam! Yum! - if ($IsSpam) { - if (sqimap_mailbox_exists($imap_stream, $filters_spam_folder)) { - // check if message copy was successful - if (sqimap_messages_copy ($imap_stream, $MsgNum, $MsgNum, - $filters_spam_folder, false)) { - sqimap_messages_flag ($imap_stream, $MsgNum, $MsgNum, - 'Deleted', false); - } - } - } else { - } } + + if (count($aSpamIds) && sqimap_mailbox_exists($imap_stream, $filters_spam_folder)) { + sqimap_msgs_list_move($imap_stream, $aSpamIds, $filters_spam_folder); + sqimap_mailbox_expunge($imap_stream, 'INBOX', true, $aSpamIds); + } + + if ($bulkquery && count($IPs)) { + filters_bulkquery($filters, $IPs); + } - sqimap_mailbox_expunge($imap_stream, 'INBOX'); - if ($SpamFilters_SharedCache) { filters_SaveCache(); } else { Modified: branches/SM-1_4-STABLE/squirrelmail/plugins/spamcop/setup.php =================================================================== --- branches/SM-1_4-STABLE/squirrelmail/plugins/spamcop/setup.php 2009-01-03 00:14:42 UTC (rev 13387) +++ branches/SM-1_4-STABLE/squirrelmail/plugins/spamcop/setup.php 2009-01-03 23:48:07 UTC (rev 13388) @@ -131,8 +131,7 @@ if ($spamcop_delete) { $imapConnection = sqimap_login($username, $key, $imapServerAddress, $imapPort, 0); sqimap_mailbox_select($imapConnection, $mailbox); - sqimap_messages_delete($imapConnection, $spamcop_is_composing, - $spamcop_is_composing, $mailbox); + sqimap_msgs_list_delete($imapConnection, $mailbox, $spamcop_is_composing); if ($auto_expunge) sqimap_mailbox_expunge($imapConnection, $mailbox, true); } Modified: branches/SM-1_4-STABLE/squirrelmail/src/delete_message.php =================================================================== --- branches/SM-1_4-STABLE/squirrelmail/src/delete_message.php 2009-01-03 00:14:42 UTC (rev 13387) +++ branches/SM-1_4-STABLE/squirrelmail/src/delete_message.php 2009-01-03 23:48:07 UTC (rev 13388) @@ -54,7 +54,7 @@ sqimap_mailbox_select($imapConnection, $mailbox); -sqimap_messages_delete($imapConnection, $message, $message, $mailbox); +sqimap_msgs_list_delete($imapConnection, $mailbox, $message); if ($auto_expunge) { sqimap_mailbox_expunge($imapConnection, $mailbox, true); } Modified: branches/SM-1_4-STABLE/squirrelmail/src/move_messages.php =================================================================== --- branches/SM-1_4-STABLE/squirrelmail/src/move_messages.php 2009-01-03 00:14:42 UTC (rev 13387) +++ branches/SM-1_4-STABLE/squirrelmail/src/move_messages.php 2009-01-03 23:48:07 UTC (rev 13388) @@ -231,7 +231,7 @@ if (count($id)) { // move messages only when target mailbox is not the same as source mailbox if ($mailbox!=$targetMailbox) { - sqimap_msgs_list_copy($imapConnection,$id,$targetMailbox); + sqimap_msgs_list_move($imapConnection,$id,$targetMailbox); if ($auto_expunge) { $cnt = sqimap_mailbox_expunge($imapConnection, $mailbox, true); } else { This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: Paul L. <pa...@sq...> - 2009-04-05 08:20:29
|
Jon, Sorry for the late reply on this, but: 1) Was any of the filters/spam changes applicable to DEVEL too? 2) Are you sure you want to change the known functionality of sqimap_msgs_list_copy()? Yes, it's HIGHLY annoying that the function is mis-named, but this being stable code, I wouldn't think we'd want to change out the functionality of the core. It may be better to leave the name of the *move* function "sqimap_msgs_list_copy" and create a new *copy* function named something such as "sqimap_msgs_list_copy_for_real". The downside to that last idea is that it really diverges from 1.5 compatibility even more than it already does. I know that at least the Spam Buttons plugin depends on the sqimap_msgs_list_copy() function as it was (with *move* functionality). Fortunately, I have it inside a wrapper that is specifically intended to fix the naming problem, and it is a very fast change to alter the version number check that it does therein..... but I don't know if there are some other plugins out there that will break because of this change. Thoughts? On Sat, Jan 3, 2009 at 4:48 PM, <jan...@us...> wrote: > Revision: 13388 > http://squirrelmail.svn.sourceforge.net/squirrelmail/?rev=13388&view=rev > Author: jangliss > Date: 2009-01-03 23:48:07 +0000 (Sat, 03 Jan 2009) > > Log Message: > ----------- > - Fix for (spam) filters plugin scanning only the first message returned > - Backported fetch handling code from dev for upcoming code optimizations > - Removed some uses of code marked as "obsolete" from core code, and core plugins > - Altered sqimap_msgs_lists_copy to actually COPY, and not MOVE > - Created _move function. > > Modified Paths: > -------------- > branches/SM-1_4-STABLE/squirrelmail/ChangeLog > branches/SM-1_4-STABLE/squirrelmail/functions/imap_messages.php > branches/SM-1_4-STABLE/squirrelmail/functions/tree.php > branches/SM-1_4-STABLE/squirrelmail/plugins/delete_move_next/setup.php > branches/SM-1_4-STABLE/squirrelmail/plugins/filters/filters.php > branches/SM-1_4-STABLE/squirrelmail/plugins/spamcop/setup.php > branches/SM-1_4-STABLE/squirrelmail/src/delete_message.php > branches/SM-1_4-STABLE/squirrelmail/src/move_messages.php > > Modified: branches/SM-1_4-STABLE/squirrelmail/ChangeLog > =================================================================== > --- branches/SM-1_4-STABLE/squirrelmail/ChangeLog 2009-01-03 00:14:42 UTC (rev 13387) > +++ branches/SM-1_4-STABLE/squirrelmail/ChangeLog 2009-01-03 23:48:07 UTC (rev 13388) > @@ -8,6 +8,19 @@ > (get_location()) (#2388423) > - Add informational type option widget > - Add password type option widget > + - Fix filters plugin to allow spam filters to scan multiple > + messages, rather than the first message returned (#1634735). > + - Removed code from spam filters plugin to stop if falling back > + to searching all messages when there was no new messages. > + - Altered filters plugin to issue single move/delete statement > + for multiple messages. > + - Updated some core code, and several plugins, to not use code > + marked as obsolete. > + - Corrected sqimap_msgs_list_copy to actually copy messages, > + rather than move. > + - Created new sqimap_msgs_list_copy to move messages. > + - Migrated some fetch handling code from dev branch in plans to > + update some core functionality to allow reusability of code. > > Version 1.4.17 - 03 December 2008 > --------------------------------- > > Modified: branches/SM-1_4-STABLE/squirrelmail/functions/imap_messages.php > =================================================================== > --- branches/SM-1_4-STABLE/squirrelmail/functions/imap_messages.php 2009-01-03 00:14:42 UTC (rev 13387) > +++ branches/SM-1_4-STABLE/squirrelmail/functions/imap_messages.php 2009-01-03 23:48:07 UTC (rev 13388) > @@ -15,21 +15,49 @@ > > > /** > - * Moves a set of messages ($id) to another mailbox ($mailbox) > - * WARNING: function name does not match performed operation. > - * Function performs message copy and flags existing messages > - * as deleted > + * Copies a set of messages ($id) to another mailbox ($mailbox) > + * > + * @param int $imap_stream The resource ID for the IMAP socket > + * @param mixed $id A string or array of messages to copy > + * @param string $mailbox The mailbox to copy messages to > + * @return bool Returns true on successful copy, false on failure > */ > function sqimap_msgs_list_copy($imap_stream, $id, $mailbox) { > global $uid_support; > $msgs_id = sqimap_message_list_squisher($id); > $read = sqimap_run_command ($imap_stream, "COPY $msgs_id \"$mailbox\"", true, $response, $message, $uid_support); > - $read = sqimap_run_command ($imap_stream, "STORE $msgs_id +FLAGS (\\Deleted)", true, $response, $message, $uid_support); > + > + if ($response == 'OK') { > + return true; > + } else { > + return false; > + } > } > > > /** > + * Moves a set of messages ($id) to another mailbox ($mailbox) > + * > + * @param int $imap_stream The resource ID for the IMAP socket > + * @param mixed $id A string or array of messages to copy > + * @param string $mailbox The destination mailbox > + * @param bool $handle_errors Show error messages in case of a NO, BAD, or BYE response > + * @return bool If move completed without error. > + */ > +function sqimap_msgs_list_move($imap_stream, $id, $mailbox, $handle_errors = true) { > + if (sqimap_msgs_list_copy ($imap_stream, $id, $mailbox, $handle_errors)) { > + return sqimap_toggle_flag($imap_stream, $id, '\\Deleted', true, true); > + } else { > + return false; > + } > +} > + > +/** > * Deletes a message and move it to trash or expunge the mailbox > + * > + * @param int $imap_stream The resource ID for the IMAP socket > + * @param string $mailbox The mailbox to delete messages from > + * @param mixed $id A string or array of messages to delete > */ > function sqimap_msgs_list_delete($imap_stream, $mailbox, $id) { > global $move_to_trash, $trash_folder, $uid_support; > @@ -479,7 +507,174 @@ > } > } > > + > /** > + * Parses a fetch response > + * > + * @param array $aResponse IMAP Response > + * @param array $aMessageList Placeholder array for results. The keys of the > + * placeholder array should be the UID so we can reconstruct the order. > + * @return array $aMessageList Associative array with messages. > + */ > +function parseFetch(&$aResponse, $aMessageList = array()) { > + for($j=0, $iCnt = count($aResponse);$j<$iCnt; ++$j) { > + $aMsg = array(); > + > + $read = implode('', $aResponse[$j]); > + // Clear up some memory > + unset($aResponse[$j]); > + > + /* > + *<space>#id<space>FETCH<space>(.... > + */ > + > + $i_space = strpos($read,' ', 2); > + $id = substr($read, 2, $i_space - 2); > + $aMsg['ID'] = $id; > + $fetch = substr($read, $i_space+1,5); > + > + if (!is_numeric($id) && $fetch !== 'FETCH') { > + $aMsg['ERROR'] = $read; > + break; > + } > + > + $i = strpos($read, '(', $i_space+5); > + $read = substr($read, $i+1); > + $i_len = strlen($read); > + $i = 0; > + > + while($i < $i_len && $i !== false) { > + $read = trim(substr($read, $i)); > + $i_len = strlen($read); > + $i = strpos($read, ' '); > + $arg = substr($read,0,$i); > + ++$i; > + > + switch($arg) { > + case 'UID': > + $i_pos = strpos($read,' ',$i); > + if (!$i_pos) { > + $i_pos = strpos($read, ')', $i); > + } > + if ($i_pos) { > + $unique_id = substr($read, $i, $i_pos-$i); > + $i = $i_pos + 1; > + } else { > + break 3; > + } > + break; > + case 'FLAGS': > + $flags = parseArray($read, $i); > + if (!$flags) break 3; > + $aFlags = array(); > + foreach($flags as $flag) { > + $flag = strtolower($flag); > + $aFlags[$flag] = true; > + } > + $aMsg['FLAGS'] = $aFlags; > + break; > + case 'RFC822.SIZE': > + $i_pos = strpos($read, ' ', $i); > + if (!$i_pos) { > + $i_pos = strpos($read, ')', $i); > + } > + if ($i_pos) { > + $aMsg['SIZE'] = substr($read,$i,$i_pos-$i); > + $i = $i_pos + 1; > + } else { > + break 3; > + } > + break; > + case 'ENVELOPE': > + // sqimap_parse_address($read,$i,$aMsg); > + break; // to be implemented, moving imap code out of the Message class > + case 'BODYSTRUCTURE': > + break; // to be implemented, moving imap code out of the Message class > + case 'INTERNALDATE': > + $aMsg['INTERNALDATE'] = trim(str_replace(' ', ' ',parseString($read,$i))); > + break; > + case 'BODY.PEEK[HEADER.FIELDS': > + case 'BODY[HEADER.FIELDS': > + $i = strpos($read,'{',$i); // header is always returned as literal because it contain \n characters > + $header = parseString($read,$i); > + if ($header === false) break 2; > + /* First we replace all \r\n by \n, and unfold the header */ > + $hdr = trim(str_replace(array("\r\n", "\n\t", "\n "),array("\n", ' ', ' '), $header)); > + /* Now we can make a new header array with > + each element representing a headerline */ > + $aHdr = explode("\n" , $hdr); > + $aReceived = array(); > + foreach ($aHdr as $line) { > + $pos = strpos($line, ':'); > + if ($pos > 0) { > + $field = strtolower(substr($line, 0, $pos)); > + if (!strstr($field,' ')) { /* valid field */ > + $value = trim(substr($line, $pos+1)); > + switch($field) { > + case 'date': > + $aMsg['date'] = trim(str_replace(' ', ' ', $value)); > + break; > + case 'x-priority': $aMsg['x-priority'] = ($value) ? (int) $value{0} : 3; break; > + case 'priority': > + case 'importance': > + // duplicate code with Rfc822Header.cls:parsePriority() > + if (!isset($aMsg['x-priority'])) { > + $aPrio = preg_split('/\s/',trim($value)); > + $sPrio = strtolower(array_shift($aPrio)); > + if (is_numeric($sPrio)) { > + $iPrio = (int) $sPrio; > + } elseif ( $sPrio == 'non-urgent' || $sPrio == 'low' ) { > + $iPrio = 5; > + } elseif ( $sPrio == 'urgent' || $sPrio == 'high' ) { > + $iPrio = 1; > + } else { > + // default is normal priority > + $iPrio = 3; > + } > + $aMsg['x-priority'] = $iPrio; > + } > + break; > + case 'content-type': > + $type = $value; > + if ($pos = strpos($type, ";")) { > + $type = substr($type, 0, $pos); > + } > + $type = explode("/", $type); > + if(!is_array($type) || count($type) < 2) { > + $aMsg['content-type'] = array('text','plain'); > + } else { > + $aMsg['content-type'] = array(strtolower($type[0]),strtolower($type[1])); > + } > + break; > + case 'received': > + $aMsg['received'][] = $value; > + break; > + default: > + $aMsg[$field] = $value; > + break; > + } > + } > + } > + } > + break; > + default: > + ++$i; > + break; > + } > + } > + if (!empty($unique_id)) { > + $msgi = "$unique_id"; > + $aMsg['UID'] = $unique_id; > + } else { > + $msgi = ''; > + } > + $aMessageList[$msgi] = $aMsg; > + $aResponse[$j] = NULL; > + } > + return $aMessageList; > +} > + > +/** > * Normalise the different Priority headers into a uniform value, > * namely that of the X-Priority header (1, 3, 5). Supports: > * Prioirty, X-Priority, Importance. > > Modified: branches/SM-1_4-STABLE/squirrelmail/functions/tree.php > =================================================================== > --- branches/SM-1_4-STABLE/squirrelmail/functions/tree.php 2009-01-03 00:14:42 UTC (rev 13387) > +++ branches/SM-1_4-STABLE/squirrelmail/functions/tree.php 2009-01-03 23:48:07 UTC (rev 13388) > @@ -145,7 +145,7 @@ > $mbx_response = sqimap_mailbox_select($imap_stream, $tree[$index]['value']); > $messageCount = $mbx_response['EXISTS']; > if ($messageCount > 0) { > - sqimap_messages_copy($imap_stream, 1, '*', $trash_folder . $delimiter . $subFolderName); > + sqimap_msgs_list_copy($imap_stream, '1:*', $trash_folder . $delimiter . $subFolderName); > } > // after copy close the mailbox to get in unselected state > sqimap_run_command($imap_stream,'CLOSE',false,$response,$message); > @@ -156,7 +156,7 @@ > $mbx_response = sqimap_mailbox_select($imap_stream, $tree[$index]['value']); > $messageCount = $mbx_response['EXISTS']; > if ($messageCount > 0) { > - sqimap_messages_copy($imap_stream, 1, '*', $trash_folder . $delimiter . $subFolderName); > + sqimap_msgs_list_copy($imap_stream, '1:*', $trash_folder . $delimiter . $subFolderName); > } > // after copy close the mailbox to get in unselected state > sqimap_run_command($imap_stream,'CLOSE',false,$response,$message); > > Modified: branches/SM-1_4-STABLE/squirrelmail/plugins/delete_move_next/setup.php > =================================================================== > --- branches/SM-1_4-STABLE/squirrelmail/plugins/delete_move_next/setup.php 2009-01-03 00:14:42 UTC (rev 13387) > +++ branches/SM-1_4-STABLE/squirrelmail/plugins/delete_move_next/setup.php 2009-01-03 23:48:07 UTC (rev 13388) > @@ -278,7 +278,7 @@ > sqgetGlobalVar('delete_id', $delete_id, SQ_GET); > sqgetGlobalVar('mailbox', $mailbox, SQ_GET); > > - sqimap_messages_delete($imapConnection, $delete_id, $delete_id, $mailbox); > + sqimap_msgs_list_delete($imapConnection, $mailbox, $delete_id); > if ($auto_expunge) { > delete_move_expunge_from_all($delete_id); > // sqimap_mailbox_expunge($imapConnection, $mailbox, true); > @@ -293,8 +293,7 @@ > sqgetGlobalVar('targetMailbox', $targetMailbox, SQ_POST); > > // Move message > - sqimap_messages_copy($imapConnection, $move_id, $move_id, $targetMailbox); > - sqimap_messages_flag($imapConnection, $move_id, $move_id, 'Deleted', true); > + sqimap_msgs_list_move($imapConnection, $move_id, $targetMailbox); > if ($auto_expunge) { > delete_move_expunge_from_all($move_id); > // sqimap_mailbox_expunge($imapConnection, $mailbox, true); > > Modified: branches/SM-1_4-STABLE/squirrelmail/plugins/filters/filters.php > =================================================================== > --- branches/SM-1_4-STABLE/squirrelmail/plugins/filters/filters.php 2009-01-03 00:14:42 UTC (rev 13387) > +++ branches/SM-1_4-STABLE/squirrelmail/plugins/filters/filters.php 2009-01-03 23:48:07 UTC (rev 13388) > @@ -340,9 +340,8 @@ > */ > for ($j=2, $num = count($ids); $j < $num; $j++) { > $id = trim($ids[$j]); > - if (sqimap_messages_copy ($imap, $id, $id, $where_to, false)) { > + if (sqimap_msgs_list_move($imap, $id, $where_to)) { > $del_id[] = $id; > - sqimap_messages_flag ($imap, $id, $id, 'Deleted', false); > } > } > } > @@ -369,119 +368,102 @@ > filters_LoadCache(); > } > > - $run = 0; > + $run = false; > > foreach ($filters as $Key=> $Value) { > if ($Value['enabled']) { > - $run ++; > + $run = true; > + break; > } > } > > // short-circuit > - if ($run == 0) { > + if (!$run) { > return; > } > > sqimap_mailbox_select($imap_stream, 'INBOX'); > > - // Ask for a big list of all "Received" headers in the inbox with > - // flags for each message. Kinda big. > - if ($filters_spam_scan != 'new') { > - $read = sqimap_run_command($imap_stream, 'FETCH 1:* (FLAGS BODY.PEEK[HEADER.FIELDS ' . > - '(RECEIVED)])', true, $response, $message, $uid_support); > - } else { > + $search_array = array(); > + if ($filters_spam_scan == 'new') { > $read = sqimap_run_command($imap_stream, 'SEARCH UNSEEN', true, $response, $message, $uid_support); > - if ($response != 'OK' || trim($read[0]) == '* SEARCH') { > - $read = sqimap_run_command($imap_stream, 'FETCH 1:* (FLAGS BODY.PEEK[HEADER.FIELDS ' . > - '(RECEIVED)])', true, $response, $message, $uid_support); > - } else { > - if (isset($read[0])) { > - if (preg_match("/^\* SEARCH (.+)$/", $read[0], $regs)) { > - $search_array = preg_split("/ /", trim($regs[1])); > + if (isset($read[0])) { > + for ($i = 0, $iCnt = count($read); $i < $iCnt; ++$i) { > + if (preg_match("/^\* SEARCH (.+)$/", $read[$i], $regs)) { > + $search_array = explode(' ', trim($regs[1])); > + break; > } > } > - $msgs_str = sqimap_message_list_squisher($search_array); > - $imap_query = 'FETCH '.$msgs_str; > - $imap_query .= ' (FLAGS BODY.PEEK[HEADER.FIELDS '; > - $imap_query .= '(RECEIVED)])'; > - $read = sqimap_run_command($imap_stream,$imap_query, true, $response, $message, $uid_support); > } > } > > + if ($filters_spam_scan == 'new' && count($search_array)) { > + $msg_str = sqimap_message_list_squisher($search_array); > + $imap_query = 'FETCH ' . $msg_str . ' (FLAGS BODY.PEEK[HEADER.FIELDS (RECEIVED)])'; > + } else if ($filters_spam_scan != 'new') { > + $imap_query = 'FETCH 1:* (FLAGS BODY.PEEK[HEADER.FIELDS (RECEIVED)])'; > + } else { > + return; > + } > + > + $read = sqimap_run_command_list($imap_stream, $imap_query, true, $response, $message, $uid_support); > + > if (isset($response) && $response != 'OK') { > return; > } > + > + $messages = parseFetch($read, $search_array); > + > + $bulkquery = (strlen($SpamFilters_BulkQuery) > 0 ? true : false); > > - if (strlen($SpamFilters_BulkQuery) > 0) { > - filters_bulkquery($filters_spam_scan, $filters, $read); > - } > - > - $i = 0; > - while ($i < count($read)) { > - // EIMS will give funky results > - $Chunks = explode(' ', $read[$i]); > - if ($Chunks[0] != '*') { > - $i ++; > - continue; > + foreach($messages as $id=>$message) { > + if (isset($message['UID'])) { > + $MsgNum = $message['UID']; > + } else { > + $MsgNum = $id; > } > - $MsgNum = $Chunks[1]; > - > - $IPs = array(); > - $i ++; > - $IsSpam = 0; > - > - // Look through all of the Received headers for IP addresses > - // Stop when I get ")" on a line > - // Stop if I get "*" on a line (don't advance) > - // and above all, stop if $i is bigger than the total # of lines > - while (($i < count($read)) && > - ($read[$i][0] != ')' && $read[$i][0] != '*' && > - $read[$i][0] != "\n") && (! $IsSpam)) { > - // Check to see if this line is the right "Received from" line > - // to check > - if (is_int(strpos($read[$i], $SpamFilters_YourHop))) { > - > - // short-circuit and skip work if we don't scan this one > - $read[$i] = ereg_replace('[^0-9\.]', ' ', $read[$i]); > - $elements = explode(' ', $read[$i]); > - foreach ($elements as $value) { > - if ($value != '' && > - ereg('[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}', > - $value, $regs)) { > - $Chunks = explode('.', $value); > - if (filters_spam_check_site($Chunks[0], > - $Chunks[1], $Chunks[2], $Chunks[3], > - $filters)) { > - $IsSpam ++; > - break; // no sense in checking more IPs > + > + if (isset($message['received'])) { > + foreach($message['received'] as $received) { > + if (is_int(strpos($received, $SpamFilters_YourHop))) { > + if (preg_match('/([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})/', $received, $matches)) { > + $IsSpam = false; > + if (filters_spam_check_site($matches[1], $matches[2], $matches[3], $matches[4], $filters)) { > + $aSpamIds[] = $MsgNum; > + $IsSpam = true; > } > - // If we've checked one IP and YourHop is > - // just a space > - if ($SpamFilters_YourHop == ' ') { > - break; // don't check any more > + > + if ($bulkquery) { > + array_shift($matches); > + $IP = explode('.', $matches); > + foreach($filters as $key=>$value) { > + if ($filters[$key]['enabled'] && $filters[$key]['dns']) { > + if (strlen($SpamFilters_DNScache[$IP . '.' . $filters[$key]['dns']]) == 0) { > + $IPs[$IP] = true; > + break; > + } > + } > + } > } > + > + if ($SpamFilters_YourHop == ' ' || $IsSpam) { > + break; > + } > } > } > } > - $i ++; > } > - > - // Lookie! It's spam! Yum! > - if ($IsSpam) { > - if (sqimap_mailbox_exists($imap_stream, $filters_spam_folder)) { > - // check if message copy was successful > - if (sqimap_messages_copy ($imap_stream, $MsgNum, $MsgNum, > - $filters_spam_folder, false)) { > - sqimap_messages_flag ($imap_stream, $MsgNum, $MsgNum, > - 'Deleted', false); > - } > - } > - } else { > - } > } > + > + if (count($aSpamIds) && sqimap_mailbox_exists($imap_stream, $filters_spam_folder)) { > + sqimap_msgs_list_move($imap_stream, $aSpamIds, $filters_spam_folder); > + sqimap_mailbox_expunge($imap_stream, 'INBOX', true, $aSpamIds); > + } > + > + if ($bulkquery && count($IPs)) { > + filters_bulkquery($filters, $IPs); > + } > > - sqimap_mailbox_expunge($imap_stream, 'INBOX'); > - > if ($SpamFilters_SharedCache) { > filters_SaveCache(); > } else { > > Modified: branches/SM-1_4-STABLE/squirrelmail/plugins/spamcop/setup.php > =================================================================== > --- branches/SM-1_4-STABLE/squirrelmail/plugins/spamcop/setup.php 2009-01-03 00:14:42 UTC (rev 13387) > +++ branches/SM-1_4-STABLE/squirrelmail/plugins/spamcop/setup.php 2009-01-03 23:48:07 UTC (rev 13388) > @@ -131,8 +131,7 @@ > if ($spamcop_delete) { > $imapConnection = sqimap_login($username, $key, $imapServerAddress, $imapPort, 0); > sqimap_mailbox_select($imapConnection, $mailbox); > - sqimap_messages_delete($imapConnection, $spamcop_is_composing, > - $spamcop_is_composing, $mailbox); > + sqimap_msgs_list_delete($imapConnection, $mailbox, $spamcop_is_composing); > if ($auto_expunge) > sqimap_mailbox_expunge($imapConnection, $mailbox, true); > } > > Modified: branches/SM-1_4-STABLE/squirrelmail/src/delete_message.php > =================================================================== > --- branches/SM-1_4-STABLE/squirrelmail/src/delete_message.php 2009-01-03 00:14:42 UTC (rev 13387) > +++ branches/SM-1_4-STABLE/squirrelmail/src/delete_message.php 2009-01-03 23:48:07 UTC (rev 13388) > @@ -54,7 +54,7 @@ > > sqimap_mailbox_select($imapConnection, $mailbox); > > -sqimap_messages_delete($imapConnection, $message, $message, $mailbox); > +sqimap_msgs_list_delete($imapConnection, $mailbox, $message); > if ($auto_expunge) { > sqimap_mailbox_expunge($imapConnection, $mailbox, true); > } > > Modified: branches/SM-1_4-STABLE/squirrelmail/src/move_messages.php > =================================================================== > --- branches/SM-1_4-STABLE/squirrelmail/src/move_messages.php 2009-01-03 00:14:42 UTC (rev 13387) > +++ branches/SM-1_4-STABLE/squirrelmail/src/move_messages.php 2009-01-03 23:48:07 UTC (rev 13388) > @@ -231,7 +231,7 @@ > if (count($id)) { > // move messages only when target mailbox is not the same as source mailbox > if ($mailbox!=$targetMailbox) { > - sqimap_msgs_list_copy($imapConnection,$id,$targetMailbox); > + sqimap_msgs_list_move($imapConnection,$id,$targetMailbox); > if ($auto_expunge) { > $cnt = sqimap_mailbox_expunge($imapConnection, $mailbox, true); > } else { > > > This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. > > ------------------------------------------------------------------------------ > ----- > squirrelmail-cvs mailing list > List address: squ...@li... > List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-cvs > Repository: http://squirrelmail.org/svn > |
From: Jon A. <jo...@sq...> - 2009-04-05 15:47:31
|
Hello Paul, Sunday, April 5, 2009, 3:20:24 AM, you wrote: > Jon, > Sorry for the late reply on this, but: Hehe, no kidding ;) I forgot I'd made all these ;) > 1) Was any of the filters/spam changes applicable to DEVEL too? They were actually taken from devel :) Including porting back the function parseFetch, and another function (I think) that I cannot remember the name of. > 2) Are you sure you want to change the known functionality of > sqimap_msgs_list_copy()? Yes, it's HIGHLY annoying that the function > is mis-named, but this being stable code, I wouldn't think we'd want > to change out the functionality of the core. It may be better to > leave the name of the *move* function "sqimap_msgs_list_copy" and > create a new *copy* function named something such as > "sqimap_msgs_list_copy_for_real". As much as I like to keep backwards compatibility, I'm sure if we shout out enough that this is being updated, we should be okay. We'll likely get a few bug reports, but it's going to be plugin specific, with an easy change. I think I updated all the internal code already. > The downside to that last idea is that it really diverges from 1.5 > compatibility even more than it already does. I know that at least > the Spam Buttons plugin depends on the sqimap_msgs_list_copy() > function as it was (with *move* functionality). Fortunately, I have > it inside a wrapper that is specifically intended to fix the naming > problem, and it is a very fast change to alter the version number > check that it does therein..... but I don't know if there are some > other plugins out there that will break because of this change. > Thoughts? We can probably grep the plugins directory to see how many use it, and advise the authors if its still maintained, or fix it. -- Jon Angliss <jo...@sq...> |
From: Paul L. <pa...@sq...> - 2009-04-05 19:35:10
|
On Sun, Apr 5, 2009 at 7:04 AM, Jon Angliss <jo...@sq...> wrote: > > Hello Paul, > > Sunday, April 5, 2009, 3:20:24 AM, you wrote: > > > Jon, > > > Sorry for the late reply on this, but: > > Hehe, no kidding ;) I forgot I'd made all these ;) > > > 1) Was any of the filters/spam changes applicable to DEVEL too? > > They were actually taken from devel :) Including porting back the > function parseFetch, and another function (I think) that I cannot > remember the name of. > > > 2) Are you sure you want to change the known functionality of > > sqimap_msgs_list_copy()? Yes, it's HIGHLY annoying that the function > > is mis-named, but this being stable code, I wouldn't think we'd want > > to change out the functionality of the core. It may be better to > > leave the name of the *move* function "sqimap_msgs_list_copy" and > > create a new *copy* function named something such as > > "sqimap_msgs_list_copy_for_real". > > As much as I like to keep backwards compatibility, I'm sure if we > shout out enough that this is being updated, we should be okay. We'll > likely get a few bug reports, but it's going to be plugin specific, > with an easy change. I think I updated all the internal code already. > > > The downside to that last idea is that it really diverges from 1.5 > > compatibility even more than it already does. I know that at least > > the Spam Buttons plugin depends on the sqimap_msgs_list_copy() > > function as it was (with *move* functionality). Fortunately, I have > > it inside a wrapper that is specifically intended to fix the naming > > problem, and it is a very fast change to alter the version number > > check that it does therein..... but I don't know if there are some > > other plugins out there that will break because of this change. > > > Thoughts? > > We can probably grep the plugins directory to see how many use it, and > advise the authors if its still maintained, or fix it. OK, then. I will fix Spam Buttons. |
From: <av...@us...> - 2009-02-09 09:19:40
|
Revision: 13401 http://squirrelmail.svn.sourceforge.net/squirrelmail/?rev=13401&view=rev Author: avel Date: 2009-02-09 09:19:29 +0000 (Mon, 09 Feb 2009) Log Message: ----------- If there were addressbook nicknames with the : character, they could not be operated upon. Devel tree is not affected. Note that default addressbook backend add() method doesn't allow the : character in nickname, but some other plugin, a 3rd party addressbook backend or previously imported addresses might result in entries _with_ ':' character in nickname. And it's a trivial fix. :-) Modified Paths: -------------- branches/SM-1_4-STABLE/squirrelmail/ChangeLog branches/SM-1_4-STABLE/squirrelmail/src/addressbook.php Modified: branches/SM-1_4-STABLE/squirrelmail/ChangeLog =================================================================== --- branches/SM-1_4-STABLE/squirrelmail/ChangeLog 2009-02-01 19:10:10 UTC (rev 13400) +++ branches/SM-1_4-STABLE/squirrelmail/ChangeLog 2009-02-09 09:19:29 UTC (rev 13401) @@ -22,6 +22,7 @@ - Migrated some fetch handling code from dev branch in plans to update some core functionality to allow reusability of code. - Make address book file permissions 0600 - same as preference files. + - Fix for address book nicknames that contain the : character. Version 1.4.17 - 03 December 2008 --------------------------------- Modified: branches/SM-1_4-STABLE/squirrelmail/src/addressbook.php =================================================================== --- branches/SM-1_4-STABLE/squirrelmail/src/addressbook.php 2009-02-01 19:10:10 UTC (rev 13400) +++ branches/SM-1_4-STABLE/squirrelmail/src/addressbook.php 2009-02-09 09:19:29 UTC (rev 13401) @@ -216,7 +216,7 @@ $delfailed = false; for ($i = 0 ; (($i < sizeof($sel)) && !$delfailed) ; $i++) { - list($sbackend, $snick) = explode(':', $sel[$i]); + list($sbackend, $snick) = explode(':', $sel[$i], 2); /* When we get to a new backend, process addresses in * * previous one. */ @@ -262,7 +262,7 @@ $send_to = ''; for ($i = 0 ; (($i < sizeof($sel)) && !$lookup_failed) ; $i++) { - list($sbackend, $snick) = explode(':', $sel[$i]); + list($sbackend, $snick) = explode(':', $sel[$i], 2); $data = $abook->lookup($snick, $sbackend); @@ -309,7 +309,7 @@ $defselected = $sel; } else { $abortform = true; - list($ebackend, $enick) = explode(':', $sel[0]); + list($ebackend, $enick) = explode(':', $sel[0], 2); $olddata = $abook->lookup($enick, $ebackend); /* Display the "new address" form */ This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <pdo...@us...> - 2009-02-14 07:30:44
|
Revision: 13402 http://squirrelmail.svn.sourceforge.net/squirrelmail/?rev=13402&view=rev Author: pdontthink Date: 2009-02-14 07:30:40 +0000 (Sat, 14 Feb 2009) Log Message: ----------- Ensure that hash directory computation is the same on both 32 and 64 bit architectures (#2596879) (Thanks to Mike Sweetser) Modified Paths: -------------- branches/SM-1_4-STABLE/squirrelmail/ChangeLog branches/SM-1_4-STABLE/squirrelmail/functions/prefs.php Modified: branches/SM-1_4-STABLE/squirrelmail/ChangeLog =================================================================== --- branches/SM-1_4-STABLE/squirrelmail/ChangeLog 2009-02-09 09:19:29 UTC (rev 13401) +++ branches/SM-1_4-STABLE/squirrelmail/ChangeLog 2009-02-14 07:30:40 UTC (rev 13402) @@ -23,6 +23,8 @@ update some core functionality to allow reusability of code. - Make address book file permissions 0600 - same as preference files. - Fix for address book nicknames that contain the : character. + - Ensure that hash directory computation is the same on both 32 and + 64 bit architectures (#2596879). Version 1.4.17 - 03 December 2008 --------------------------------- Modified: branches/SM-1_4-STABLE/squirrelmail/functions/prefs.php =================================================================== --- branches/SM-1_4-STABLE/squirrelmail/functions/prefs.php 2009-02-09 09:19:29 UTC (rev 13401) +++ branches/SM-1_4-STABLE/squirrelmail/functions/prefs.php 2009-02-14 07:30:40 UTC (rev 13402) @@ -144,8 +144,15 @@ * @return array a list of hash dirs for this username */ function computeHashDirs($username) { - /* Compute the hash for this user and extract the hash directories. */ - $hash = base_convert(crc32($username), 10, 16); + /* Compute the hash for this user and extract the hash directories. */ + /* Note that the crc32() function result will be different on 32 and */ + /* 64 bit systems, thus the hack below. */ + $crc = crc32($username); + if ($crc & 0x80000000) { + $crc ^= 0xffffffff; + $crc += 1; + } + $hash = base_convert($crc, 10, 16); $hash_dirs = array(); for ($h = 0; $h < 4; ++ $h) { $hash_dirs[] = substr($hash, $h, 1); This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <pdo...@us...> - 2009-03-13 02:22:48
|
Revision: 13424 http://squirrelmail.svn.sourceforge.net/squirrelmail/?rev=13424&view=rev Author: pdontthink Date: 2009-03-13 01:37:15 +0000 (Fri, 13 Mar 2009) Log Message: ----------- Adding Bengali (Bangladesh) translation. Many thanks to Jamil Ahmed Modified Paths: -------------- branches/SM-1_4-STABLE/squirrelmail/ChangeLog branches/SM-1_4-STABLE/squirrelmail/functions/i18n.php Modified: branches/SM-1_4-STABLE/squirrelmail/ChangeLog =================================================================== --- branches/SM-1_4-STABLE/squirrelmail/ChangeLog 2009-03-13 01:16:02 UTC (rev 13423) +++ branches/SM-1_4-STABLE/squirrelmail/ChangeLog 2009-03-13 01:37:15 UTC (rev 13424) @@ -30,6 +30,7 @@ other issues that can come up, sizing for large groups will be a problem (#2611967) - Added Tamil translation (Thanks to Kengatharaiyer Sarveswaran). + - Added Bengali (Bangladesh) translation (Thanks to Jamil Ahmed). Version 1.4.17 - 03 December 2008 --------------------------------- Modified: branches/SM-1_4-STABLE/squirrelmail/functions/i18n.php =================================================================== --- branches/SM-1_4-STABLE/squirrelmail/functions/i18n.php 2009-03-13 01:16:02 UTC (rev 13423) +++ branches/SM-1_4-STABLE/squirrelmail/functions/i18n.php 2009-03-13 01:37:15 UTC (rev 13424) @@ -745,9 +745,13 @@ $languages['bn_IN']['NAME'] = 'Bengali'; $languages['bn_IN']['CHARSET'] = 'utf-8'; $languages['bn_IN']['LOCALE'] = 'bn_IN.UTF-8'; -$languages['bn_BD']['ALIAS'] = 'bn_IN'; -$languages['bn']['ALIAS'] = 'bn_IN'; +$languages['bn_BD']['NAME'] = 'Bengali'; +$languages['bn_BD']['ALTNAME'] = 'Bangla'; +$languages['bn_BD']['CHARSET'] = 'utf-8'; +$languages['bn_BD']['LOCALE'] = array('bn_BD.UTF-8', 'bn_BD', 'bn.UTF-8', 'bn'); +$languages['bn']['ALIAS'] = 'bn_BD'; + $languages['ca_ES']['NAME'] = 'Catalan'; $languages['ca_ES']['CHARSET'] = 'iso-8859-1'; $languages['ca_ES']['LOCALE'] = array('ca_ES.ISO8859-1','ca_ES.ISO-8859-1','ca_ES'); @@ -768,7 +772,8 @@ $languages['da_DK']['LOCALE'] = array('da_DK.ISO8859-1','da_DK.ISO-8859-1','da_DK'); $languages['da']['ALIAS'] = 'da_DK'; -$languages['de_DE']['NAME'] = 'Deutsch'; +$languages['de_DE']['NAME'] = 'German'; +$languages['de_DE']['ALTNAME'] = 'Deutsch'; $languages['de_DE']['CHARSET'] = 'iso-8859-1'; $languages['de_DE']['LOCALE'] = array('de_DE.ISO8859-1','de_DE.ISO-8859-1','de_DE'); $languages['de']['ALIAS'] = 'de_DE'; This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <pdo...@us...> - 2009-03-26 21:43:24
|
Revision: 13456 http://squirrelmail.svn.sourceforge.net/squirrelmail/?rev=13456&view=rev Author: pdontthink Date: 2009-03-26 21:43:19 +0000 (Thu, 26 Mar 2009) Log Message: ----------- Move docs to doc/ directory Added Paths: ----------- branches/SM-1_4-STABLE/squirrelmail/doc/AUTHORS branches/SM-1_4-STABLE/squirrelmail/doc/COPYING branches/SM-1_4-STABLE/squirrelmail/doc/ChangeLog branches/SM-1_4-STABLE/squirrelmail/doc/INSTALL branches/SM-1_4-STABLE/squirrelmail/doc/README branches/SM-1_4-STABLE/squirrelmail/doc/ReleaseNotes/ReleaseNotes branches/SM-1_4-STABLE/squirrelmail/doc/UPGRADE Removed Paths: ------------- branches/SM-1_4-STABLE/squirrelmail/AUTHORS branches/SM-1_4-STABLE/squirrelmail/COPYING branches/SM-1_4-STABLE/squirrelmail/ChangeLog branches/SM-1_4-STABLE/squirrelmail/INSTALL branches/SM-1_4-STABLE/squirrelmail/README branches/SM-1_4-STABLE/squirrelmail/ReleaseNotes branches/SM-1_4-STABLE/squirrelmail/UPGRADE Deleted: branches/SM-1_4-STABLE/squirrelmail/AUTHORS =================================================================== --- branches/SM-1_4-STABLE/squirrelmail/AUTHORS 2009-03-26 21:38:33 UTC (rev 13455) +++ branches/SM-1_4-STABLE/squirrelmail/AUTHORS 2009-03-26 21:43:19 UTC (rev 13456) @@ -1,43 +0,0 @@ -THE SQUIRRELMAIL TEAM -===================== - -The SquirrelMail Project thanks each and every one that have made SquirrelMail -what it is today. This includes, but isn't limited to, bug reporters, patch -submitters, testers, plugin authors, community members, and many, many other. - -The list below contains some of persons that have helped the project, with the -aim to give credit where it is due. If you feel that your name has wrongfully -been left out, please contact the SquirrelMail Project. - -Main developers: ----------------- -Alex Lemaresquier <al...@br...> -Alexandros Vellis <ave...@no...> http://users.uoa.gr/~avel -Chris Hilts <ta...@sq...> http://www.birdbrained.org -Fredrik Jervfors <jer...@sq...> http://fredrik.jervfors.se -Jonathan Angliss <jo...@sq...> -Marc Groot Koerkamp <ma...@sq...> -Paul Lesneiwski <pa...@sq...> -Seth E. Randall <se...@mi...> -Steve Brown <sbr...@gm...> -Thijs Kinkhorst <ki...@sq...> http://thijs.kinkhorst.nl - -Past developers, now retired: ------------------------------ -Brent Bice, Bron Gondwana, Bryan Stalcup, Erin Schnabel, Gerrit Padgham, Gustav -Foseid, Jason Munro, Jimmy Conner, Konstantin Riabitsev, Lewis Bergman, Luke -Ehresman, Matt Phillips, Nathan Ehresman, Paul Thompson, Peter Hutnick, Philippe -Mingo, Pål Løberg, Rick Castello, Shane Wilson, Simon Dick, Steve Falla, Steve -Gare, Tomas Kuliavas, Tyler Akins, and Wouter Teepe. - -Significant contributions: --------------------------- -Alex Bleeker, Charles Scheidecker, Cor Bosman, Damien Sandras, David -Whittington, Jan-Pieter Cornet, John Williams, Libor Kopecky, Martin Jespersen, -Michael Long, Ondrej Sury, Pontus Ullgren, Rob Siemborski, Sergiusz Pawlowicz, -Stefan Meier, Stefan Sels, and many others. - -Translations: -------------- -The translators are credited in the file "TRANSLATORS", which is part of the -locales package. Deleted: branches/SM-1_4-STABLE/squirrelmail/COPYING =================================================================== --- branches/SM-1_4-STABLE/squirrelmail/COPYING 2009-03-26 21:38:33 UTC (rev 13455) +++ branches/SM-1_4-STABLE/squirrelmail/COPYING 2009-03-26 21:43:19 UTC (rev 13456) @@ -1,281 +0,0 @@ - GNU GENERAL PUBLIC LICENSE - Version 2, June 1991 - - Copyright (C) 1989, 1991 Free Software Foundation, Inc. - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA - - Everyone is permitted to copy and distribute verbatim copies - of this license document, but changing it is not allowed. - - Preamble - - The licenses for most software are designed to take away your -freedom to share and change it. By contrast, the GNU General Public -License is intended to guarantee your freedom to share and change free -software--to make sure the software is free for all its users. This -General Public License applies to most of the Free Software -Foundation's software and to any other program whose authors commit to -using it. (Some other Free Software Foundation software is covered by -the GNU Library General Public License instead.) You can apply it to -your programs, too. - - When we speak of free software, we are referring to freedom, not -price. Our General Public Licenses are designed to make sure that you -have the freedom to distribute copies of free software (and charge for -this service if you wish), that you receive source code or can get it -if you want it, that you can change the software or use pieces of it -in new free programs; and that you know you can do these things. - - To protect your rights, we need to make restrictions that forbid -anyone to deny you these rights or to ask you to surrender the rights. -These restrictions translate to certain responsibilities for you if you -distribute copies of the software, or if you modify it. - - For example, if you distribute copies of such a program, whether -gratis or for a fee, you must give the recipients all the rights that -you have. You must make sure that they, too, receive or can get the -source code. And you must show them these terms so they know their -rights. - - We protect your rights with two steps: (1) copyright the software, and -(2) offer you this license which gives you legal permission to copy, -distribute and/or modify the software. - - Also, for each author's protection and ours, we want to make certain -that everyone understands that there is no warranty for this free -software. If the software is modified by someone else and passed on, we -want its recipients to know that what they have is not the original, so -that any problems introduced by others will not reflect on the original -authors' reputations. - - Finally, any free program is threatened constantly by software -patents. We wish to avoid the danger that redistributors of a free -program will individually obtain patent licenses, in effect making the -program proprietary. To prevent this, we have made it clear that any -patent must be licensed for everyone's free use or not licensed at all. - - The precise terms and conditions for copying, distribution and -modification follow. - - GNU GENERAL PUBLIC LICENSE - TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION - - 0. This License applies to any program or other work which contains -a notice placed by the copyright holder saying it may be distributed -under the terms of this General Public License. The "Program", below, -refers to any such program or work, and a "work based on the Program" -means either the Program or any derivative work under copyright law: -that is to say, a work containing the Program or a portion of it, -either verbatim or with modifications and/or translated into another -language. (Hereinafter, translation is included without limitation in -the term "modification".) Each licensee is addressed as "you". - -Activities other than copying, distribution and modification are not -covered by this License; they are outside its scope. The act of -running the Program is not restricted, and the output from the Program -is covered only if its contents constitute a work based on the -Program (independent of having been made by running the Program). -Whether that is true depends on what the Program does. - - 1. You may copy and distribute verbatim copies of the Program's -source code as you receive it, in any medium, provided that you -conspicuously and appropriately publish on each copy an appropriate -copyright notice and disclaimer of warranty; keep intact all the -notices that refer to this License and to the absence of any warranty; -and give any other recipients of the Program a copy of this License -along with the Program. - -You may charge a fee for the physical act of transferring a copy, and -you may at your option offer warranty protection in exchange for a fee. - - 2. You may modify your copy or copies of the Program or any portion -of it, thus forming a work based on the Program, and copy and -distribute such modifications or work under the terms of Section 1 -above, provided that you also meet all of these conditions: - - a) You must cause the modified files to carry prominent notices - stating that you changed the files and the date of any change. - - b) You must cause any work that you distribute or publish, that in - whole or in part contains or is derived from the Program or any - part thereof, to be licensed as a whole at no charge to all third - parties under the terms of this License. - - c) If the modified program normally reads commands interactively - when run, you must cause it, when started running for such - interactive use in the most ordinary way, to print or display an - announcement including an appropriate copyright notice and a - notice that there is no warranty (or else, saying that you provide - a warranty) and that users may redistribute the program under - these conditions, and telling the user how to view a copy of this - License. (Exception: if the Program itself is interactive but - does not normally print such an announcement, your work based on - the Program is not required to print an announcement.) - -These requirements apply to the modified work as a whole. If -identifiable sections of that work are not derived from the Program, -and can be reasonably considered independent and separate works in -themselves, then this License, and its terms, do not apply to those -sections when you distribute them as separate works. But when you -distribute the same sections as part of a whole which is a work based -on the Program, the distribution of the whole must be on the terms of -this License, whose permissions for other licensees extend to the -entire whole, and thus to each and every part regardless of who wrote it. - -Thus, it is not the intent of this section to claim rights or contest -your rights to work written entirely by you; rather, the intent is to -exercise the right to control the distribution of derivative or -collective works based on the Program. - -In addition, mere aggregation of another work not based on the Program -with the Program (or with a work based on the Program) on a volume of -a storage or distribution medium does not bring the other work under -the scope of this License. - - 3. You may copy and distribute the Program (or a work based on it, -under Section 2) in object code or executable form under the terms of -Sections 1 and 2 above provided that you also do one of the following: - - a) Accompany it with the complete corresponding machine-readable - source code, which must be distributed under the terms of Sections - 1 and 2 above on a medium customarily used for software interchange; or, - - b) Accompany it with a written offer, valid for at least three - years, to give any third party, for a charge no more than your - cost of physically performing source distribution, a complete - machine-readable copy of the corresponding source code, to be - distributed under the terms of Sections 1 and 2 above on a medium - customarily used for software interchange; or, - - c) Accompany it with the information you received as to the offer - to distribute corresponding source code. (This alternative is - allowed only for noncommercial distribution and only if you - received the program in object code or executable form with such - an offer, in accord with Subsection b above.) - -The source code for a work means the preferred form of the work for -making modifications to it. For an executable work, complete source -code means all the source code for all modules it contains, plus any -associated interface definition files, plus the scripts used to -control compilation and installation of the executable. However, as a -special exception, the source code distributed need not include -anything that is normally distributed (in either source or binary -form) with the major components (compiler, kernel, and so on) of the -operating system on which the executable runs, unless that component -itself accompanies the executable. - -If distribution of executable or object code is made by offering -access to copy from a designated place, then offering equivalent -access to copy the source code from the same place counts as -distribution of the source code, even though third parties are not -compelled to copy the source along with the object code. - - 4. You may not copy, modify, sublicense, or distribute the Program -except as expressly provided under this License. Any attempt -otherwise to copy, modify, sublicense or distribute the Program is -void, and will automatically terminate your rights under this License. -However, parties who have received copies, or rights, from you under -this License will not have their licenses terminated so long as such -parties remain in full compliance. - - 5. You are not required to accept this License, since you have not -signed it. However, nothing else grants you permission to modify or -distribute the Program or its derivative works. These actions are -prohibited by law if you do not accept this License. Therefore, by -modifying or distributing the Program (or any work based on the -Program), you indicate your acceptance of this License to do so, and -all its terms and conditions for copying, distributing or modifying -the Program or works based on it. - - 6. Each time you redistribute the Program (or any work based on the -Program), the recipient automatically receives a license from the -original licensor to copy, distribute or modify the Program subject to -these terms and conditions. You may not impose any further -restrictions on the recipients' exercise of the rights granted herein. -You are not responsible for enforcing compliance by third parties to -this License. - - 7. If, as a consequence of a court judgment or allegation of patent -infringement or for any other reason (not limited to patent issues), -conditions are imposed on you (whether by court order, agreement or -otherwise) that contradict the conditions of this License, they do not -excuse you from the conditions of this License. If you cannot -distribute so as to satisfy simultaneously your obligations under this -License and any other pertinent obligations, then as a consequence you -may not distribute the Program at all. For example, if a patent -license would not permit royalty-free redistribution of the Program by -all those who receive copies directly or indirectly through you, then -the only way you could satisfy both it and this License would be to -refrain entirely from distribution of the Program. - -If any portion of this section is held invalid or unenforceable under -any particular circumstance, the balance of the section is intended to -apply and the section as a whole is intended to apply in other -circumstances. - -It is not the purpose of this section to induce you to infringe any -patents or other property right claims or to contest validity of any -such claims; this section has the sole purpose of protecting the -integrity of the free software distribution system, which is -implemented by public license practices. Many people have made -generous contributions to the wide range of software distributed -through that system in reliance on consistent application of that -system; it is up to the author/donor to decide if he or she is willing -to distribute software through any other system and a licensee cannot -impose that choice. - -This section is intended to make thoroughly clear what is believed to -be a consequence of the rest of this License. - - 8. If the distribution and/or use of the Program is restricted in -certain countries either by patents or by copyrighted interfaces, the -original copyright holder who places the Program under this License -may add an explicit geographical distribution limitation excluding -those countries, so that distribution is permitted only in or among -countries not thus excluded. In such case, this License incorporates -the limitation as if written in the body of this License. - - 9. The Free Software Foundation may publish revised and/or new versions -of the General Public License from time to time. Such new versions will -be similar in spirit to the present version, but may differ in detail to -address new problems or concerns. - -Each version is given a distinguishing version number. If the Program -specifies a version number of this License which applies to it and "any -later version", you have the option of following the terms and conditions -either of that version or of any later version published by the Free -Software Foundation. If the Program does not specify a version number of -this License, you may choose any version ever published by the Free Software -Foundation. - - 10. If you wish to incorporate parts of the Program into other free -programs whose distribution conditions are different, write to the author -to ask for permission. For software which is copyrighted by the Free -Software Foundation, write to the Free Software Foundation; we sometimes -make exceptions for this. Our decision will be guided by the two goals -of preserving the free status of all derivatives of our free software and -of promoting the sharing and reuse of software generally. - - NO WARRANTY - - 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY -FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN -OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES -PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED -OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF -MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS -TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE -PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, -REPAIR OR CORRECTION. - - 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING -WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR -REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, -INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING -OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED -TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY -YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER -PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE -POSSIBILITY OF SUCH DAMAGES. - - END OF TERMS AND CONDITIONS Deleted: branches/SM-1_4-STABLE/squirrelmail/ChangeLog =================================================================== --- branches/SM-1_4-STABLE/squirrelmail/ChangeLog 2009-03-26 21:38:33 UTC (rev 13455) +++ branches/SM-1_4-STABLE/squirrelmail/ChangeLog 2009-03-26 21:43:19 UTC (rev 13456) @@ -1,1715 +0,0 @@ -************************************** -*** SquirrelMail Stable Series 1.4 *** -************************************** - -Version 1.4.18 - SVN --------------------- - - Fixed port detection in automatic base URL detection scheme - (get_location()). (#2388423) - - Added informational type option widget. - - Added password type option widget. - - Fixed filters plugin to allow spam filters to scan multiple - messages, rather than the first message returned (#1634735). - - Removed code from spam filters plugin to stop if falling back - to searching all messages when there was no new messages. - - Altered filters plugin to issue single move/delete statement - for multiple messages. - - Updated some core code, and several plugins, to not use code - marked as obsolete. - - Corrected sqimap_msgs_list_copy to actually copy messages, - rather than move. - - Created new sqimap_msgs_list_move to move messages. - - Migrated some fetch handling code from dev branch in plans to - update some core functionality to allow reusability of code. - - Make address book file permissions 0600 - same as preference files. - - Fix for address book nicknames that contain the : character. - - Ensure that hash directory computation is the same on both 32 and - 64 bit architectures (#2596879). - - Allow multiple addresses in one abook entry (separate with commas), - although we HIGHLY DISCOURAGE grouping in this manner - note amongst - other issues that can come up, sizing for large groups will be a - problem (#2611967) - - Added Tamil translation (Thanks to Kengatharaiyer Sarveswaran). - - Added Bengali (Bangladesh) translation (Thanks to Jamil Ahmed). - -Version 1.4.17 - 03 December 2008 ---------------------------------- - - Allow control over white space wrapping of auto-generated - SquirrelMail option widgets. - - Fix matching of alternate identities when replying. - - Fix HTTPS detection under Windows IIS that was incorrectly - setting cookies to be transmitted only over a secure - connections when none existed (#2318118). - - Security: Fix XSS exploit in hyperlinks when rendering - messages. Thanks to Secunia Research for reporting this - issue and for their patience. [CVE-2008-2379] - -Version 1.4.16 - 28 September 2008 ----------------------------------- - - Added support for Latvian. - - Add submit button type option widget - - Allow address book lookups by fields other than nickname/alias - - Include hooks in databased-based preference backend that have - long been in the file-based preference backend - - Removed the Address Take (abook_take) plugin; please see the Add - Address (third party) plugin. - - Allow a different server address for the POP server to be - configured when using POP before SMTP. - - Update the left_main_after_each_folder hook to work on the trash - folder as well as all other folders. - - Fix HTML validity issue with IE conditional construct (#1985916). - - Backported sqsetcookie() from 1.5.2, so cookies won't be - transmitted under non-SSL connections if the session is - started under an SSL (https) connection (CVE-2008-3663). - Also limits cookies to HTTPOnly, a feature of IE and Firefox - to counter cross site scripting attacks. - -Version 1.4.15 - 23 May 2008 ----------------------------- - - Fix saving of Read Receipts to Sent folder. - - Converted Romanian (ro_RO) to UTF-8. - - Converted Slovak (sk_SK) to UTF-8. - - Converted Swedish (sv_SE) to UTF-8. - -Version 1.4.15 Release Candidate 1 - 12 May 2008 ------------------------------------------------- - - Added support for Macedonian. - - Don't allow invalid plugin names in conf.pl --install-plugin. - - Fix warning in Printer Friendly due to missing include (#1849101). - - Let configtest.php use optional PEAR dynamic extension loading, - patch by Walter Huijbers (#1833123). - - Fix for IMAP servers that were having problems saving sent messages. - - Fix broken <style> tag parsing for some HTML messages, thanks - Roalt Zijlstra. - - Re-added support for Vietnamese. - - Fixed broken MDN functionality (send read confirmation). - - Converted Norwegian Bokm\xE5l (nb_NO) to UTF-8. - - Converted traditional Chinese (zh_TW) to UTF-8. - - Avoid deprecation notices on get_magic_quotes_* functions. - - Improved Message-ID generation code. - - Added edit list, checkbox, radio group, multiple-select folder - list and multiple-select string list option widget types, - as well as support for the "trailing_text" widget attribute. - - Boolean option widgets are henceforth presented as checkboxes. - - Tidied up fortune plugin to be inline with specifications for plugins. - - Enhanced address book page: added 'Compose to' button, put labels - around address entries tied to checkboxes, improved column spacing, - added hook for plugins that can filter address book listings. - Complements RisuMail team (risumail.jp). - -Version 1.4.14 - Skipped; version number abused by spammers. - -Version 1.4.13 - 14 December 2007 ---------------------------------- - - Include compatibility plugin files if available. - - Some IMAP servers send nil for an empty email body (See RFC2180, - section 4.1.3 on empty strings). - - New release to clear up any confusion with respect to - compromised 1.4.11 and 1.4.12 packages [CVE-2007-6348]. - -Version 1.4.12 - 04 December 2007 ---------------------------------- - - Enabled user selection of address format when adding from address - book during message composition. - - Fixed issue with adding attachments in PHP 4.x environments (#1805471). - - Backport size setting on "newmail" popup window. - - Added a "short_open_tag" configuration test. - - Undefined notice in error message box when no default folder prefix is set. - - Undefined index error when downloading. Possibly caused by using tabs and - opening multiple mailboxes. - - PAGE_NAME might not be defined in all plugins, which might cause a - "not defined" error on session timeouts. - - Fixed outgoing messages to allow addresses such as "0@..." or "000@...", - etc. (#1818398). - - Fixed issue with in-reply-to and reference headers not being retained on - reply (#1810659). - - Revived logout_error hook (#1800015). - - Allow custom session handlers to work correctly (and be defined at the - application level with SquirrelMail). - - Fix off-by-one in bodystructure parsing triggered by servers sending - a body location part (e.g. Sun Java System Messaging Server). Thanks - John Callahan (#1808382). - - Invalid initialization of To: header (#1772893). - - Includes cleanup in include/validate.php. - - Cleanup in multiple files to remove unneeded includes. - - Added sort by size (#812233 and #159997, plus multiple list requests). - Patch provided by Christopher E. Brown. - - Fix bug in sitewide SMTP settings still using authenticated user, rather - than configured settings (#1835942). - - Fixed mailto: functionality. - - Added mailto: link handling when viewing messages. - - Handle PHP's insistence on setting the value to 'deleted' for destroyed sessions - (#1829098). - -Version 1.4.11 - 29 September 2007 ----------------------------------- - - Minimum PHP requirement raised from 4.0.6 to 4.1.0. - SquirrelMail has been broken for a while with 4.0.x without anyone - noticing, this move merely reflects reality. - - Fix broken set_url_var function in functions/html.php (#1729814). - - Fix config.pl not detecting auth support correctly (#1727033). - - Fix display of X-Priority in message view. - - Work around mailers sending broken Date headers with no space after the - first comma. - - Let POP3 class properly cope with lines starting with a '.'. - - Some HTML validation cleanups. - - Invalid year in sent_subfolders plugin (#1607380). - - Always treat Content-Type case-insensitively (#1732092). - - Fix typo: html/plain should be text/html. - - Fix en/decode header swith in MDN (#1694687). - - Fix compatibility with Windows path in administrator plugin (#1740469). - - Fix disabling password encryption in mail_fetch (#1738001). - - Fix busy loop and notice when two literals in IMAP fetch (#1739433). - - Backported code for site wide SMTP authentication (#1531889). - - Fixed issue with compose session not being cleaned after message is - saved or sent. - - Added ability to detect HTTP_X_FORWARDED_PROTO in get_location(), - thanks to Daniel Watts - - Fix test for signout.php in the logged in check in is_logged_in() so it - cannot be circumvented by manipulating the URL. External plugins might - rely on this function guaranteeing that the user is logged in. - - Use attachment_dir only at the point where we're actually - reading from / writing to the files, do not carry it around - in the object. This makes us safer in the event the object - is somehow exposed to the outside world. - - Better support mailboxes named 'None' (#1598890). - - Sort readdir() output in conf.pl (#1755886). - - Fix message cache in printer friendly, thanks Tomas Kuliavas. - - Made the webmail_top hook work again for plugins that want to change - the URI of the "right" frame; plugins have to change the value of the - global variable $right_frame_url - - Fix issue in darkness theme with extra closing bracket. - - No longer store all message composition sessions in the PHP session, - since it was not made use of and in rare cases, made sessions too big. - - Composition restoration functionality now correctly restores attachments. - - Added smtp_auth hook. - - Change default Selection List Style to Indented. - - Added "preselected" query argument to mailbox list. - - Added mailbox_display_buttons hook. - - Removed "Include CCs when Forwarding Messages", which had no functionality - whatsoever. - - Make the Message Details plugin actually show the correct entity when - viewing details of attached messages. - - Add PAGE_NAME constant to all src/ pages for use in detecting what page - has been requested by the client. - -Version 1.4.10a - 10 May 2007 ------------------------------ - - Fix regression in compose: when no alternative identities have been - defined, the From header would be incorrect. - -Version 1.4.10 - 9 May 2007 ---------------------------- - - Drop obsolete ORDB RBL from filters plugin (#1629398). - - Fix HTML glitches (#1608798, #1628639, #1521389, #1548394, #1704686). - - Reduce (largely theoretical) chance of reusing existing attachment - filenames. - - Fix rare bug in forwarding as attachment from some search results. - - Add warning about magic_quotes_* in configtest. - - Unify accepted versions for imap_server_type and set_defaults (#1629722). - - Fix for wrong $_SERVER['REQUEST_URI'] value causing wrong links - in the [more] and [less] links in read_body.php. - - Update for switch from CVS to Subversion. - - Fix URL to send read receipts from read_body (#1637572). - - Fix for high memory usage when forwarding messages with attachments. - - Fix for filename extraction from attachments. - - Fix reply to all duplicating the address from Reply-To. - - Drop redundant call to session_register, which could trigger a segfault - in PHP 4.4.5 (#1664155). - - Make compose use get_identities() rather than fiddling with identities - by itself, resolving a problem in the listcommands plugin (#1663762). - - If a date-header cannot be parsed, display the unparsed version as a - better-than-nothing alternative. - - Fix "Unknown Sender" on message after reading a digest (#1673047). - - Fix Priority and Receipt compose options being reset after return from - HTML addressbook (#1673056). - - Fix sorting of folder list with non-. delimiter (#1593229). - - Only display "+" symbol on multipart/mixed messages, e.g. those with - real attachments. - - Fixes for issues with filters plugin (#1634735). - - Session not correctly handled on webmail.php (#1685031). - - session_id reporting session id when no active session (#1685031). - - sqm_baseuri moved to strings.php (#1685114). - - Added sq_change_text_domain() for plugins to use when switching text - domains. If plugins use this function, it fixes #1434043. - - Added new language: Frisian, thanks to Rinse de Vries. - - Security: fixes for the HTML filter to counter further XSS exploits: - HTML attachments containing 'data:' URLs, Internet Explorer-specifc - charset conversion exploits, and request forgery through included - images. Thanks to Mikhail Markin, Tomas Kuliavas and Michael Jordon - for reporting these issues. [CVE-2007-1262, CVE-2007-2589] - -Version 1.4.9a - 3 December 2006 --------------------------------- - - Security: Multiple IE cross site scripting issues related to the - widely acceptation of the word expression and url by IE. - - Security: Removing @import when sanitizing html mail. - -Version 1.4.9 - 2 December 2006 -------------------------------- - - Drop obsolete script plugins/make_archive.pl. - - Fixed Google translate form in translate plugin. Added new language - pairs. - - Added XMAGICTRASH extension tests in configtest utility. Removed code - that handled 'inbox.trash' as special folder in courier (#1354393). - - Allowed moving folders to trash in courier. - - Fix misspelled constant PREG_SPLIT_NI_EMPTY in sqimap_get_message - (#1543573). - - Provide View Unsafe Images link on viewing a text/html attachment. - - Fix variable typo in folders_create.php (#1545316). - - Added Courier IMAP OUTBOX check to configtest utility. - - If mailbox name starts with slash or contains ../, error message is - generated. Safety check for insecure default UW IMAP setup (#1557078). - - Ignore message copy errors when messages are deleted. Allows to delete - messages when quota is exceeded (#614887, #646386, #1446026). - - Fixed unintended literal fetching (#1562271). - - Added global file based address book listing controls. Added line - length configuration option for local_file address book backend - (#1181561). Added address book data integrity checks in local_file - address book backend. Fixed eregi and object notices in local_file - and database address book backends. Added additional address book - field support. - - Fixed variable corruption in configtest utility. - - Checked if configuration file is readable in configuration utility - (#1568355). - - Special mailboxes marked in special_mailbox hook are no longer listed - in folder delete, rename and subscription options. - - Translate plugin: prevent PHP notice when viewing empty message. - - Add CEST and MEST (non-standard) timezone codes for +0200. - - Add <label> to From field in message list. - - Add support for parsing SpamAssassin's X-Spam-Status header (#1589520). - - Fix in bodystructure parser code related to strings ending with an - escape character. - - Added "attachment */*" hook - - Added third parameter $logout_link to logout_error hook that allows - plugin control over login page URI displayed on login error page. - - Security: close cross site scripting vulnerability in draft, compose - and mailto functionality [CVE-2006-6142]. - - Security: work around an issue in Internet Explorer that would guess - the mime type of a file based on contents, not Content-Type header. - -Version 1.4.8 - 11th August 2006 --------------------------------- - - Fixed URL for Read Receipts being incorrect in some cases (#1177518). - - Fixed endless loop when trying to parse "From: )(" (#1517867). - - Using is_file() instead of file_exists() in fortune plugin, which - correctly fails if the specified location is a directory (#1499134). - - Add manual page for conf.pl under contrib. - - Don't allow selecting INBOX as Sent, Draft or Trash folder (#1242346). - - Fixed spamcop web based reporting form (#1519673). - - Session cookies are turned on, if session.use_cookies is turned off - in PHP configuration (#1518885). - - Cleaned whitespace in output buffer when plugins are loaded (#1291209). - - Removed conf.pl dependency on Perl IO::Socket module. Automatic detection - of supported authentication mechanisms is disabled, if IO::Socket is not - available. - - Make the base for the SquirrelMail URL configurable. Adds a new variable - config_base_location to config.php and a new option to conf.pl. This is - to prevent problems in installs where our heuristic doesn't work - correctly (#1521299, #1460675, #1110064, #1000850, #1113791). - - Fixed mailbox and header sanitizing in src/search.php. - - Handle IMAP copy errors in filters plugin. Added $handle_errors option - and boolean return in sqimap_messages_copy() function (#1520437). - - Improved register_globals=on handling code in order to prevent possible - variable corruption. This also effectively rules out future attack vectors - that require register_globals to be on. - - Fixed use of $version in config.php file (#1527870). - - Fixed IMAP folder creation in euc-kr, big5 and gb2312 translations - (#1005353). - - Configuration utility does not allow 8bit symbols in IMAP folder names - (#1485501). - - Removed HTTP Status header from signout page to work around a bug in - fastcgi (#1424748). - - Added command execution status check in SendMail delivery class (#1374174). - - Added $sendmail_args configuration option (#1365779). - - Fixed resuming of compose when session expired while writing. - - Security: Make sure that code only sets those variables that are needed in - compose and are not already set. Thanks James Bercegay from GulfTech for - pointing this out. [CVE-2006-4019] - - Fixed subscription of new 'noselect' folders (#1315912). - - Moving the developers documentation to the documentation module; it's - no longer shipped in the tarballs. - - Drop dead code in validate.php once used for some old obscure bug. - -Version 1.4.7 - 4th July 2006 ------------------------------ - - Security: Possible cookie theft in src/redirect.php if - register_globals is enabled, and malicous site is running - in same domain. - - Fixed that loading the options page always loaded the prefs - initial_value on display, instead of the users' value. - - Enabled Ukrainian translation after updates by Serhij Dubyk. - - Fixed from address in case of MDN receipts (patch from Dimitar Pashev). - - Correct variable typo, causing Bogus sequence in FETCH errors (#1460338). - - Reduce references header in a smart way to avoid "header too long" - errors from SMTP servers in really long threads (#1167754, #1465342). - - Undo extra sanitizing in decodeHeader() function (#1460638). - - Added workaround for broken OpenBSD 3.8+ setlocale() function (#1427512). - - Fixed session lockups on large attachment downloads. - - Fixed bug_report plugin connections to mapped and secured IMAP servers. - - Fixed possibility to use single quote in provider name (#1475744). - - Improved error handling for the help pages. - - Added new color themes by Jeremy Landes, Tammi Maggard and Lucas Austin-Howe - (#1378332), (#1377567), (#1377529), (#1377528), (#1377527), (#1377526), - (#1377525), (#1393188). - - Removed invalid $sendmail_path check in configuration utility. - - Backported calendar plugin updates from devel branch. Fixed display of - multiline events (#1291081) and sanitizing of quotes (#705796). Fixed - possible calendar corruption, when events contain special formating - characters. Moved html sanitizing from backend functions to display - code. Removed direct access to $_GET and $_POST variables and - simplified form variable processing. - - Fixed some mailbox caching issues, when messages are deleted or moved - not in first mailbox page. Fixed use of mailbox cache in right_main.php - (#1304408). - - Stop URL parsing, if 8bit symbols or HTML entities are detected (#1356798). - - Improve recovery when EHLO not supported on legacy SMTP servers - (#1031455). - - Don't move messages when target mailbox matches source mailbox (#1409453). - - Sanitized IMAP folder names in error_message() function and filters plugin. - - Take X-Forwarded-Host HTTP header in consideration when constructing - base_uri for redirects; reduces problems with transparent proxies - (#1488590). - - Don't use trailing delimiter when sqimap_mailbox_create() subscribes - newly created mailbox. - - Undefined variable in src/right_main.php. - - Security: Local file inclusion in functions/plugin.php with - register_globals enabled, and magic_quotes disabled (reported by Denix - Solutions). [CVE-2006-2842] - - Add note to conf.pl / config_default.php to warn users that set - sensitive passwords in that file to properly secure it. - - Prevent modifications in advanced identities, when editing of - identities is disabled. - - Fix incorrect parsing of From with nested parentheses (#1241506). - - Tightened code in search.php for disputed security report. We don't - believe this is exploitable, but the code is tightened anyway. - [CVE-2006-3174] - - -Version 1.4.6 - 23 February 2006 --------------------------------- - - Security: MagicHTML fix for comments in styles (reported - by Scott Hughes) and parsing of u\rl (reported by - Martijn Brinkers) which allowed for cross site scripting - when using Internet Explorer [CVE-2006-0195]. - - Multi-line encoded headers were being deleted (#1394667). - - Security: Prohibit IMAP injection attempts (reported by Vicente - Aguilera) [CVE-2006-0377]. - - Handle unsolicited responses inside SORT responses properly. - - Security: Fix possible cross site scripting through the right_main - parameter of webmail.php. This now uses a whitelist of acceptable - values. [CVE-2006-0188] - - Removed invalid STARTTLS check from configtest.php script. - - Added Georgian language support. - -Version 1.4.6 Release Candidate 1 - 10 December 2005 ----------------------------------------------------- - - Added Simple Green, Silver Steel, Wood, Bluesome, Simple Green2 and - Simple Purple themes. Contributed by Pavel Spatny, Saku Lehtio - (#1188209), Vicky Pyne (#1217066 and #1217069). - - Fixes for increased error checking in PHP 5.0.5+ array_shift() (#1237160). - [PHP5] - - Added extra checks in Delivery class for In-Reply-To header. Fixes - E_NOTICE level warnings in PHP 5.0.4 and later (#1206474). [PHP5] - - Added extra checks in SquirrelMail charset_encode() function in case - somebody removes HTML to US-ASCII conversion library (#1239782). - - Ported devel fixes for PHP 5.0.4 E_NOTICE warnings in Message class - (#1164045). [PHP5] - - Auto Refresh Folder List preference now defaults to 10 Minutes, add - option for 20 Minutes. - - Fixed inline display of attached jpeg/gif/xbm attachments in Mozilla - Firefox. - - Fixed invalid reference in src/download.php. E_NOTICE level warnings - could corrupt attachments in PHP 4.4.0. - - Fixed error handling in SquirrelSpell plugin. sprintf and gettext - formating errors in check_me.mod. Reported by Edward Chapman. - - Allow configure to be ran from any directory, thanks Ceri Davies. - - Fixed reloading the cached mailbox-tree after a purge trash action. - - Fixed loading of external background-images in style attributes when - show_unsafe_images is false. - - Fix to stop deletion of mailboxes that do not exist, otherwise an - IMAP error is generated. - - Add missing break to listcommands plugin so unsubscribe works again. - - Removed function references from address book database backend class, - list_addr(), lookup() and search() functions. Referenced lookup() - function caused E_NOTICE warnings in PHP 4.4.0. Reported by Cor - Bosman. - - Fixed address book file and database backend error messages broken by - CVE-2005-1769 patches. - - Fixed compose form redirection in spamcop plugin. - - Reenabled Estonian translation. Thanks to Tanel Kindsigo. - - "Toggle all" pointless when folder list empty (#1267079). - - Readded options_identity_process and options_identity_renumber hooks - broken by CVE-2005-2095 fixes. - - Removed duplicate generic_header hook call in src/right_main.php (#1269189). - - Focus on compose screen no longer shifts automatically if user has manually - focused somewhere herself. - - Fixed placement of abook_init hook. - - Fixed IMAP search command in filters plugin. Command was breaking - sqimap_mailbox_exists() check. Reported by Daniel Watts. - - Solved function conflict between compatibility and info plugins. - - Added PHP register_globals check to configuration test utility. - - Added character set conversion to HTML message parts and HTML - attachments with character set information (#1258925). Original patch - by Peter Draganov (#1195232). - - Fixed decoding of quoted-printable text in decodeBody function. - Reported by João Carlos Mendes Luís. - - Added CR trimming to SquirrelSpell plugin in order to fix problems on - Windows systems. - - Backported truncateWithEntities function. - - Backported user definable truncation widths on subject and sender - fields. - - Load default value for INTERNALDATE sorting to be ON to match initial - preference page if user has not set anything. - - E_NOTICE and unlink error message if user hits delete multiple times - before compose page has reloaded. - - Undefined variable in view_header. - - Undefined index offset in read_body when trying to calculate next/prev - links for attached messages. - - Fixed wrapping (#1043576) and encoding (#1246305) of multibyte - charsets. Fix requires PHP with mbstring support. If mbstring support - is not present or character set is not supported by mbstring - extension, fixes are not applied. - - Rebuild URL to sound file in newmail plugin when sound file is played - (#1233530). - - Removed 'Download this as file' link from printable email version and - translate plugin. - - Added list of attachments to printable version page (#793020). - - Added sorting options to main address book listing (#543788), - (#1164435), (#1313707). - - Prevent playback of newmail sounds when media file is not selected or - set to '(none)'. - - If server side sorting was enabled, and the user had a non-default sort - enabled, and issued a search, the search would attempt to resort the - results and generate an E_NOTICE error. - - Undefined variable "size" in imap_messages. - - Variables by reference only fix in printer_friendly_bottom.php. - - Undefined index in addressbook backends. This could be caused by - import plugins. - - Undefined variable in vcard.php. - - Added bincimap (#1285099), dovecot and mercury32 presets. - - Make test for IE6 in SendDownloadHeaders also match versions higher - than 6 (#1339211). - - Allow double quote to be used in MOTD (#1276959). - - Prevent right_frame to be set to '//www.example.com'. - - Make cookies destroy code use epoch instead of 5 seconds into the past. - - Added new compose_send_after hook. - - Properly clean up temporary attachment files when saving as Draft - (#1358407) and fix removal of lingering attachments on signout. - - Fixed error message in addressbook.php lookup (#1351825). - - Fixed incorrect curly escape in sqimap_append(). Error triggered by PHP 5.1 - bugfix (#1366982). - - Fixed ContentType object check in Rfc822Header class. E_NOTICE error - in PHP 5.1. - - Login and login error pages use default theme colors (#1366050). - - Add doc/security.txt with some hints for a more secure installation. - - Suppressed fsockopen() warnings when interface is configured to use TLS on - plain SMTP port. Reported by Nicolas Mailhot. - - Disabled fuzzy matching of sprintf() formated strings in internal - gettext implementation (#1341089). - - Moved inclusion of display_messages.php out of backend-dependent location - - Moved sqm_baseuri() into more centralized location (strings.php). - - Back-ported code change to only filter undeleted emails. - - Back-ported filter code change to test for filters before issuing possibly - expensive IMAP calls. - - Sanitize Draft folder name in compose.php error message. - -Version 1.4.5 - 13 July 2005 ----------------------------- - - Update COPYING with new address of the FSF. - - Fixed bad code from patch being pasted instead of - executed. - - Fixed missing quote character in img tag if blank src is supplied. - - Really fix off-by-one error in search.php now (array_pop works - differently in different PHP versions). - - Javascript relied on rg=1 in the login page to force focus to - password box if username was supplied as a url arg (#1222617). - - Disabled unmaintained Estonian translation. - - Allowed use of wildcards in LDAP address book search expressions. Issue - is specific to 1.4.5cvs and not present in older versions. - - Security: Rewrite advanced identity handling to remove call to extraction - of all POST values. [CVE-2005-2095] - - Moved imap_logout call in view_header.php to the end of the script after - displayPageheader is called. - -Version 1.4.5 Release Candidate 1 - 15 June 2005 ------------------------------------------------- - - Make SquirrelSpell work with safe_mode enabled, if using PHP >=4.3.0. - Patch by Ray Ferguson, backported from devel. - - Add support for Mail-Followup-To header, from devel. - - Remove is_readable($data_dir) test in configtest, because SquirrelMail - functions fine with stricter permissions on that dir. - - 24hr clock format should include a leading 0. - - Fixed uid based authentication in administrator plugin. Thanks to - Gareth Johnston. - - Added three Tahoma stylesheets. - - Added required code to display error message that might occur when options - are saved. - - Fixed translations of "On DATE, AUTHOR Wrote" and "AUTHOR Wrote" replies. - - Added trailing slash for data directory used by global file based - address book (#1105760). - - Fixed possible PHP E_ALL warnings in translate plugin with GPLtrans engine - (#1100789). - - Fixed adding addresses to global address books. - - Fix typos in Deliver.class.php which caused an error with PHP 5. - - 'Priority' and 'Importance' headers are now also recognised, next to the - 'X-Priority' header that we've supported since a long time. From devel. - - Fix administrator plugin that was too picky about newlines in the - "admins" file. - - Added blank.png for missing image support. - - Fixed cid handling from Outlook Express client when it doesn't create a - valid content-id to go with CID tag. This resolves #855320, and should - be considered a workaround. The real issues needs resolving by MS. - - Strip <outbind://> tags out. This is a Microsoft only protocol and - references files local to the sending machine. This causes issues - with Internet Explorer. - - Replace <img src="outbind://"> links with clean images to stop - issues with Internet Explorer not being able to track down the - image. - - Empty src attribute on img tags causes logouts (IE only), replacing - string with blank.png. - - Added configurable reply prefix (default: ">") to display options. - - Give an error to the user when SquirrelMail is not configured yet - (instead of "failed to include config.php"). - - Fixed display of unsafe images in printer friendly view (#1124764). - - Remove NUL characters in text attachment on send (#1032366). - - Re-introduced "mailto:"-handling. - - Removed INBOX as a mailbox option in filters plugin. Fixes bug #801060. - - Disable rewrapping of a forwarded message: this messes up reply-texts - and a forwarded message should not be altered unneccessary (#1151047). - - Fix wrong path to mailout.php in listcommands plugin. - - Fixed edit form checks in address listing (#1124018). - - Sanitized searches in ldap address book backend. - - Added verbose error messages to addressbook_init() function. - - Added $force_decode option to charset_decode() function in order - to use this function correctly in charset_convert(). - - Added wrapper function in order to use more than one locale name in - setlocale() calls. Fixes translation issues on some broken glibc - systems (#1105168). - - Removed unnecessary require_once() calls from abook_take plugin. - - Fixed broken saved search display. - - Fixed broken signout page (plugins work here again). - - Fixed configtest to use correct PostgreSQL connection function (#1166228). - - Strip absolute positioning style from HTML-mails. - - Fixed administrator's plugin problems related to latest sqGetGlobalVar() - changes. - - Included local configuration file in config.php generated by - administrator's plugin. - - Fixed checking for quota when appending to Sent folder (#1172694). - - Fixed folder renaming to handle collapse_folder information, be - compatible with Cyrus-IMAPD >= 2.0 and correctly handle unsubscribed - folders. Thanks Simon Matter for the patch. (#1155791) - - Fix incorrect folder hierarchy display (#1009654), thanks - Awais Ahmad for the patch (#1082558). - - Added title box for From: column to display the address. - - Make sure From: is really an object on replies, otherwise an error is - generated trying to find reply citation (#1179754). - - Add Cancel button to addressbook (#1180565). - - RFC 2046: Send mixed messages with multipart/alternative nested boundaries - with correct boundary strings. - - Ported abook_init and abook_add_class hooks from devel. - - Fix wrapping between folder icon and name in advanced folder list - (#1187995). - - Fix folder indenting in message list didn't use folder_prefix (#726719, - #1013888). - - mail_fetch plugin should check destination folder before trying to store - messages in it. INBOX is used as fallback folder. By default plugin - can use only subscribed mail folders that can store messages (#584658). - - Added mbstring.func_overload!=0 workaround (#929644, #1061699). - src/configtest.php is modified to warn about broken PHP configuration. - - Fixed use of squirrelmail_language cookie with PHP register_globals = - off. - - Interface can default to first language listed in browser's - 'HTTP_ACCEPT_LANGUAGE' header, if default SquirrelMail language is set - to empty string (#764709). - - Default charset variable can be used to change charset used by US - English translation (#1195728). - - Fix for search. On fallback also use UID SEARCH. - - Tweak IMAP connection error display (#1203154). - - Add robots noindex/nofollow meta tag to SquirrelMail generated pages. - - Fix typo in addrbook_search.php. - - Gracefully recover from over quota error while sending a mail (#1145144). - - Added $encode_header_key and $hide_auth_header options. First option - allows to encode user's information with provided encryption key (set in - 2. Server settings -> B. Update SMTP / Sendmail settings). Second option - allows to disable authenticated user part in Received: header, when user - can't forge used email address. It is set in 4. General Options -> - 9. Allow editing of identity (#847107). - - Fix get_identities() for the case where the user has not set an email - address: use the fallback $username@$domain that's used in compose aswell. - - Fix "Include me in CC on Reply All" for the case where email address was - not set in the prefs (#781202, #1093363). - - Move documentation for SquirrelMail developers to doc/Development. - - Correct slightly inconsistent behaviour when reading a message with MDN - (#928954). - - Fix an off-by-one and a HTML-formatting bug in saved searches. - - Remove in-development default-off folder list code from left_main.php. - - Fixed broken attachments caused by inconsistency of PHP chunk_split(). - Thanks to Roalt Zijlstra. - - Identites code incorrectly assumes username does not contain domain part - and appended domain to username when no user defined email set. - (#1219184). - - Disallow access to the administrator plugin screens when the plugin is - not enabled in the config. - - Security: fix several cross site scripting (XSS) attacks. Thanks go to - Martijn Brinkers for finding a lot of these. [CVE-2005-1769] - -Version 1.4.4 - 21 January 2005 -------------------------------- - - Fix listcommands plugin to include src/ in compose links. - - Fix listcommands plugin to behave like normal reply/compose - links, and return to message page that originally called from. - - Max upload file size now correctly handles a '-1' value, meaning - unlimited (#1094569). - - Send 8-bit username or password as literals (#1081259). - - configtest.php now checks whether default language is actually - present. - - Fix 'plus instead of space in downloaded file name' issue, - which was introduced in 1.4.4-RC1 (#1076733). - - Disabled unmaintained Thai translation. - - Security: Added hook for Preferences Backend to resolve potential - insecure file inclusions. [CVE-2005-0075] - - Set up language before outputing errors in auth.php and signout.php - to make them appear in the correct language. - - Security: Fix potential file inclusion issues in src/webmail.php. - [CVE-2005-0103] - - Fixed minor bug in DMN plugin that caused it to not correctly set - lastTargetMailbox. - - Security: Fix possible XSS issues in src/webmail.php. [CVE-2005-0104] - - Correct undefined variable usage in src/webmail.php. - -Version 1.4.4 RC1 - 31 December 2004 ------------------------------------- - - Get alternating row colors of addressbook in sync with mailbox list. - - Fix bug in detecting the delimiter in a folder moved to trash. - - Trailing spaces are no longer trimmed from folder names (#818974). - - Give proper error when PEAR DB not found. - - Remove inappropriate strip_tags() from add-to-addressbook (#968475). - - Translations are no longer included by default but instead are - packaged separately. See locales/README.locales for details. - - Backport Charset Decoding functions from DEVEL branch. This vastly - increases the number of supported character sets and the performance - of decoding. - - Add src/configtest.php script which checks for common errors in the - config. - - Fixed forward in new window from search page courtesy of Jason Munro. - - Prefs caching didn't work properly with register_globals off (#995102). - - Various fixes for minor user interface glitches. - - Fixed broken POP before SMTP (password wasn't being used). - - Custom option page values now repopulate correctly. - - Added "no focus" option for compose page in display preferences (setting - reply focus to "No focus" also affects composing new messages). - - Fix bug when Saving to Draft folder that contains special characters. - - Fix RFC822 incompliant use of IP-address in Message-ID. - - Uneditable address book entries no longer have checkboxes on addresses page. - - Fix that viewing the last page of a mailbox with one message always - claimed that the total of messages in that mailbox was 1. - - Alignment of title text above folder list fixed. - - Added Uighur translation support. - - Added status bar to compose window when "Compose In New Window" is used. - - Fixed issue with user setting display of messages to 0 per page. Fixes - bug #960447. - - Detect, handle, and warn on LOGINDISABLED from IMAP server. - - Correctly sort folders including - in the name. Affects folders beginning - with the same names, but second folder has - with additional characters. - Patch courtesy of Morten Nilsen <morten[@]nilsen.com>. - - Added size limit to signatures saved in file backend. Created error_option_save - function, that allows sending error message to options page. Thanks to Martynas - Bieliauskas for spotting big signature "option". - - $agresive_decoding configuration option changed to $aggressive_decoding. - Fixed spelling. - - Fixed $custom_css loading in squirrelspell plugin. - - Referenced document (presets.txt) missing. Copied from devel. - - Make SMTP Authentication detection in conf.pl more RFC-compliant. - - Fixed IMAP errors when using mail_fetch plugin to auto-fetch on login. - - Fixed folder list in Create Folders list for Courier (properly skip INBOX). - - Corrected poor English in a string (#775978). - - Corrected bug in SquirrelSpell that'd put the corrected spelling on the wrong - line if quoting inline, or below the original email (#906217). - - LC_NUMERIC locale is set to C. Some plugins might use decimal delimiters - incorrectly (#1027130). - - Turkish translation uses C character case conversion rules. Fixes PHP and - squirrelmail functions are assume English conversion rules. - - Removed X-Mailer header from SquirrelMail. SpamAssassin 3.0 detects - User-Agent... [truncated message content] |
From: <pdo...@us...> - 2009-03-26 22:26:45
|
Revision: 13467 http://squirrelmail.svn.sourceforge.net/squirrelmail/?rev=13467&view=rev Author: pdontthink Date: 2009-03-26 22:26:34 +0000 (Thu, 26 Mar 2009) Log Message: ----------- Put sample .htaccess in all directories browser does not access directly Added Paths: ----------- branches/SM-1_4-STABLE/squirrelmail/class/.htaccess branches/SM-1_4-STABLE/squirrelmail/config/.htaccess branches/SM-1_4-STABLE/squirrelmail/contrib/.htaccess branches/SM-1_4-STABLE/squirrelmail/functions/.htaccess branches/SM-1_4-STABLE/squirrelmail/help/.htaccess branches/SM-1_4-STABLE/squirrelmail/include/.htaccess branches/SM-1_4-STABLE/squirrelmail/locale/.htaccess branches/SM-1_4-STABLE/squirrelmail/po/.htaccess Added: branches/SM-1_4-STABLE/squirrelmail/class/.htaccess =================================================================== --- branches/SM-1_4-STABLE/squirrelmail/class/.htaccess (rev 0) +++ branches/SM-1_4-STABLE/squirrelmail/class/.htaccess 2009-03-26 22:26:34 UTC (rev 13467) @@ -0,0 +1 @@ +Deny from All Added: branches/SM-1_4-STABLE/squirrelmail/config/.htaccess =================================================================== --- branches/SM-1_4-STABLE/squirrelmail/config/.htaccess (rev 0) +++ branches/SM-1_4-STABLE/squirrelmail/config/.htaccess 2009-03-26 22:26:34 UTC (rev 13467) @@ -0,0 +1 @@ +Deny from All Added: branches/SM-1_4-STABLE/squirrelmail/contrib/.htaccess =================================================================== --- branches/SM-1_4-STABLE/squirrelmail/contrib/.htaccess (rev 0) +++ branches/SM-1_4-STABLE/squirrelmail/contrib/.htaccess 2009-03-26 22:26:34 UTC (rev 13467) @@ -0,0 +1,5 @@ +Order Deny,Allow +Deny from All +Allow from 127 +Allow from 10 +Allow from 192 Added: branches/SM-1_4-STABLE/squirrelmail/functions/.htaccess =================================================================== --- branches/SM-1_4-STABLE/squirrelmail/functions/.htaccess (rev 0) +++ branches/SM-1_4-STABLE/squirrelmail/functions/.htaccess 2009-03-26 22:26:34 UTC (rev 13467) @@ -0,0 +1 @@ +Deny from All Added: branches/SM-1_4-STABLE/squirrelmail/help/.htaccess =================================================================== --- branches/SM-1_4-STABLE/squirrelmail/help/.htaccess (rev 0) +++ branches/SM-1_4-STABLE/squirrelmail/help/.htaccess 2009-03-26 22:26:34 UTC (rev 13467) @@ -0,0 +1 @@ +Deny from All Added: branches/SM-1_4-STABLE/squirrelmail/include/.htaccess =================================================================== --- branches/SM-1_4-STABLE/squirrelmail/include/.htaccess (rev 0) +++ branches/SM-1_4-STABLE/squirrelmail/include/.htaccess 2009-03-26 22:26:34 UTC (rev 13467) @@ -0,0 +1 @@ +Deny from All Added: branches/SM-1_4-STABLE/squirrelmail/locale/.htaccess =================================================================== --- branches/SM-1_4-STABLE/squirrelmail/locale/.htaccess (rev 0) +++ branches/SM-1_4-STABLE/squirrelmail/locale/.htaccess 2009-03-26 22:26:34 UTC (rev 13467) @@ -0,0 +1 @@ +Deny from All Added: branches/SM-1_4-STABLE/squirrelmail/po/.htaccess =================================================================== --- branches/SM-1_4-STABLE/squirrelmail/po/.htaccess (rev 0) +++ branches/SM-1_4-STABLE/squirrelmail/po/.htaccess 2009-03-26 22:26:34 UTC (rev 13467) @@ -0,0 +1 @@ +Deny from All This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <pdo...@us...> - 2009-04-02 00:39:23
|
Revision: 13502 http://squirrelmail.svn.sourceforge.net/squirrelmail/?rev=13502&view=rev Author: pdontthink Date: 2009-04-02 00:39:22 +0000 (Thu, 02 Apr 2009) Log Message: ----------- Default Content-Transfer-Encoding is now RFC-compliant "7bit" instead of "us-ascii". (#1942060) Modified Paths: -------------- branches/SM-1_4-STABLE/squirrelmail/class/mime/Message.class.php branches/SM-1_4-STABLE/squirrelmail/src/download.php branches/SM-1_4-STABLE/squirrelmail/src/read_body.php Modified: branches/SM-1_4-STABLE/squirrelmail/class/mime/Message.class.php =================================================================== --- branches/SM-1_4-STABLE/squirrelmail/class/mime/Message.class.php 2009-04-02 00:39:15 UTC (rev 13501) +++ branches/SM-1_4-STABLE/squirrelmail/class/mime/Message.class.php 2009-04-02 00:39:22 UTC (rev 13502) @@ -362,7 +362,7 @@ $hdr = new MessageHeader(); $hdr->type0 = 'text'; $hdr->type1 = 'plain'; - $hdr->encoding = 'us-ascii'; + $hdr->encoding = '7bit'; } else { $msg->header->type0 = 'multipart'; $msg->type0 = 'multipart'; Modified: branches/SM-1_4-STABLE/squirrelmail/src/download.php =================================================================== --- branches/SM-1_4-STABLE/squirrelmail/src/download.php 2009-04-02 00:39:15 UTC (rev 13501) +++ branches/SM-1_4-STABLE/squirrelmail/src/download.php 2009-04-02 00:39:22 UTC (rev 13502) @@ -78,7 +78,7 @@ /* raw message */ $type0 = 'message'; $type1 = 'rfc822'; - $encoding = 'US-ASCII'; + $encoding = '7bit'; $header = $message->header; } Modified: branches/SM-1_4-STABLE/squirrelmail/src/read_body.php =================================================================== --- branches/SM-1_4-STABLE/squirrelmail/src/read_body.php 2009-04-02 00:39:15 UTC (rev 13501) +++ branches/SM-1_4-STABLE/squirrelmail/src/read_body.php 2009-04-02 00:39:22 UTC (rev 13502) @@ -266,7 +266,7 @@ if ($special_encoding) { $mime_header->encoding = $special_encoding; } else { - $mime_header->encoding = 'us-ascii'; + $mime_header->encoding = '7bit'; } if ($default_charset) { $mime_header->parameters['charset'] = $default_charset; @@ -291,7 +291,7 @@ $mime_header = new MessageHeader; $mime_header->type0 = 'message'; $mime_header->type1 = 'disposition-notification'; - $mime_header->encoding = 'us-ascii'; + $mime_header->encoding = '7bit'; $part2->mime_header = $mime_header; $composeMessage = new Message(); This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <pdo...@us...> - 2009-04-03 08:07:48
|
Revision: 13510 http://squirrelmail.svn.sourceforge.net/squirrelmail/?rev=13510&view=rev Author: pdontthink Date: 2009-04-03 08:07:37 +0000 (Fri, 03 Apr 2009) Log Message: ----------- Encode outgoing attachments that have lines longer than allowed per RFC. Otherwise, they can be corrupted when artificially (forced) folding - unfolding typically produces an extra space at the fold in most MUAs. This fixes #2226470 and #1473714. Thanks to Kelly Fallon. Modified Paths: -------------- branches/SM-1_4-STABLE/squirrelmail/class/deliver/Deliver.class.php branches/SM-1_4-STABLE/squirrelmail/functions/global.php Modified: branches/SM-1_4-STABLE/squirrelmail/class/deliver/Deliver.class.php =================================================================== --- branches/SM-1_4-STABLE/squirrelmail/class/deliver/Deliver.class.php 2009-04-03 04:18:06 UTC (rev 13509) +++ branches/SM-1_4-STABLE/squirrelmail/class/deliver/Deliver.class.php 2009-04-03 08:07:37 UTC (rev 13510) @@ -281,15 +281,50 @@ global $username, $attachment_dir; $hashed_attachment_dir = getHashedDir($username, $attachment_dir); $filename = $message->att_local_name; + + // inspect attached file for lines longer than allowed by RFC, + // in which case we'll be using base64 encoding (so we can split + // the lines up without corrupting them) instead of 8bit unencoded... + // (see RFC 2822/2.1.1) + // + // using 990 because someone somewhere is folding lines at + // 990 instead of 998 and I'm too lazy to find who it is + // + $file_has_long_lines = file_has_long_lines($hashed_attachment_dir + . '/' . $filename, 990); + $file = fopen ($hashed_attachment_dir . '/' . $filename, 'rb'); - while ($body_part = fgets($file, 4096)) { - $length += $this->clean_crlf($body_part); - if ($stream) { - $this->preWriteToStream($body_part); - $this->writeToStream($stream, $body_part); + + // long lines were found, need to use base64 encoding + // + if ($file_has_long_lines) { + while ($tmp = fread($file, 570)) { + $body_part = chunk_split(base64_encode($tmp)); + // Up to 4.3.10 chunk_split always appends a newline, + // while in 4.3.11 it doesn't if the string to split + // is shorter than the chunk length. + if( substr($body_part, -1 , 1 ) != "\n" ) + $body_part .= "\n"; + $length += $this->clean_crlf($body_part); + if ($stream) { + $this->writeToStream($stream, $body_part); + } } - $last = $body_part; } + + // no excessively long lines - normal 8bit + // + else { + while ($body_part = fgets($file, 4096)) { + $length += $this->clean_crlf($body_part); + if ($stream) { + $this->preWriteToStream($body_part); + $this->writeToStream($stream, $body_part); + } + $last = $body_part; + } + } + fclose($file); } break; @@ -458,10 +493,29 @@ $encoding = $mime_header->encoding; $header[] = 'Content-Transfer-Encoding: ' . $mime_header->encoding . $rn; } else { - if ($mime_header->type0 == 'text' || $mime_header->type0 == 'message') { + + // inspect attached file for lines longer than allowed by RFC, + // in which case we'll be using base64 encoding (so we can split + // the lines up without corrupting them) instead of 8bit unencoded... + // (see RFC 2822/2.1.1) + // + if (!empty($message->att_local_name)) { // is this redundant? I have no idea + global $username, $attachment_dir; + $hashed_attachment_dir = getHashedDir($username, $attachment_dir); + $filename = $hashed_attachment_dir . '/' . $message->att_local_name; + + // using 990 because someone somewhere is folding lines at + // 990 instead of 998 and I'm too lazy to find who it is + // + $file_has_long_lines = file_has_long_lines($filename, 990); + } else + $file_has_long_lines = FALSE; + + if ($mime_header->type0 == 'multipart' || $mime_header->type0 == 'alternative') { + /* no-op; no encoding needed */ + } else if (($mime_header->type0 == 'text' || $mime_header->type0 == 'message') + && !$file_has_long_lines) { $header[] = 'Content-Transfer-Encoding: 8bit' . $rn; - } else if ($mime_header->type0 == 'multipart' || $mime_header->type0 == 'alternative') { - /* no-op; no encoding needed */ } else { $header[] = 'Content-Transfer-Encoding: base64' . $rn; } Modified: branches/SM-1_4-STABLE/squirrelmail/functions/global.php =================================================================== --- branches/SM-1_4-STABLE/squirrelmail/functions/global.php 2009-04-03 04:18:06 UTC (rev 13509) +++ branches/SM-1_4-STABLE/squirrelmail/functions/global.php 2009-04-03 08:07:37 UTC (rev 13510) @@ -520,3 +520,32 @@ return FALSE; } +/** + * Determine if there are lines in a file longer than a given length + * + * @param string $filename The full file path of the file to inspect + * @param int $max_length If any lines in the file are GREATER THAN + * this number, this function returns TRUE. + * + * @return boolean TRUE as explained above, otherwise, (no long lines + * found) FALSE is returned. + * + */ +function file_has_long_lines($filename, $max_length) { + + $FILE = @fopen($filename, 'rb'); + + if ($FILE) { + while (!feof($FILE)) { + $buffer = fgets($FILE, 4096); + if (strlen($buffer) > $max_length) { + fclose($FILE); + return TRUE; + } + } + fclose($FILE); + } + + return FALSE; +} + This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <jer...@us...> - 2009-04-13 16:53:04
|
Revision: 13537 http://squirrelmail.svn.sourceforge.net/squirrelmail/?rev=13537&view=rev Author: jervfors Date: 2009-04-13 16:52:57 +0000 (Mon, 13 Apr 2009) Log Message: ----------- Removed "www." from links where it isn't needed. Removed non-working link to the feedback page. Modified Paths: -------------- branches/SM-1_4-STABLE/squirrelmail/config/conf.pl branches/SM-1_4-STABLE/squirrelmail/config/config_default.php branches/SM-1_4-STABLE/squirrelmail/contrib/RPM/config.php.redhat branches/SM-1_4-STABLE/squirrelmail/contrib/RPM/squirrelmail.spec branches/SM-1_4-STABLE/squirrelmail/contrib/conf.pl.8 branches/SM-1_4-STABLE/squirrelmail/doc/INSTALL branches/SM-1_4-STABLE/squirrelmail/doc/README branches/SM-1_4-STABLE/squirrelmail/doc/ReleaseNotes branches/SM-1_4-STABLE/squirrelmail/functions/page_header.php branches/SM-1_4-STABLE/squirrelmail/help/en_US/FAQ.hlp branches/SM-1_4-STABLE/squirrelmail/help/en_US/basic.hlp branches/SM-1_4-STABLE/squirrelmail/plugins/bug_report/bug_report.php Modified: branches/SM-1_4-STABLE/squirrelmail/config/conf.pl =================================================================== --- branches/SM-1_4-STABLE/squirrelmail/config/conf.pl 2009-04-10 15:27:21 UTC (rev 13536) +++ branches/SM-1_4-STABLE/squirrelmail/config/conf.pl 2009-04-13 16:52:57 UTC (rev 13537) @@ -1,7 +1,7 @@ #!/usr/bin/env perl # conf.pl # -# Copyright (c) 1999-2007 The SquirrelMail Project Team +# Copyright (c) 1999-2009 The SquirrelMail Project Team # Licensed under the GNU GPL. For full terms see COPYING. # # A simple configure script to configure SquirrelMail @@ -140,7 +140,7 @@ print " should get the 'config_default.php' that matches the version\n"; print " of SquirrelMail that you are running. You can get this from\n"; print " the SquirrelMail web page by going to the following URL:\n"; - print " http://www.squirrelmail.org.\n"; + print " http://squirrelmail.org.\n"; print "\n"; print "Continue loading with old config_default.php (a bad idea) [y/N]? "; $ctu = <STDIN>; @@ -298,7 +298,7 @@ $noselect_fix_enable = "false" if ( !$noselect_fix_enable ); $frame_top = "_top" if ( !$frame_top ); -$provider_uri = "http://www.squirrelmail.org/" if ( !$provider_uri ); +$provider_uri = "http://squirrelmail.org/" if ( !$provider_uri ); $provider_name = "SquirrelMail" if ( !$provider_name ); $edit_identity = "true" if ( !$edit_identity ); @@ -842,7 +842,7 @@ print " to use the default logo, use ../images/sm_logo.png\n"; print " - To specify a logo defined outside the SquirrelMail source tree\n"; print " use the absolute URL the webserver would use to include the file\n"; - print " e.g. http://www.example.com/images/mylogo.gif or /images/mylogo.jpg\n"; + print " e.g. http://example.com/images/mylogo.gif or /images/mylogo.jpg\n"; print "\n"; print "[$WHT$org_logo$NRM]: $WHT"; $new_org_logo = <STDIN>; @@ -940,12 +940,12 @@ # Default link to provider sub command7 { print "Here you can set the link on the right of the page.\n"; - print "The default is 'http://www.squirrelmail.org/'\n"; + print "The default is 'http://squirrelmail.org/'\n"; print "\n"; print "[$WHT$provider_uri$NRM]: $WHT"; $new_provider_uri = <STDIN>; if ( $new_provider_uri eq "\n" ) { - $new_provider_uri = 'http://www.squirrelmail.org/'; + $new_provider_uri = 'http://squirrelmail.org/'; } else { $new_provider_uri =~ s/[\r|\n]//g; $new_provider_uri =~ s/^\s+$//g; @@ -2623,7 +2623,7 @@ print " to use the themes directory, use ../themes/css/newdefault.css\n"; print " - To specify a css file defined outside the SquirrelMail source tree\n"; print " use the absolute URL the webserver would use to include the file\n"; - print " e.g. http://www.example.com/css/mystyle.css or /css/mystyle.css\n"; + print " e.g. http://example.com/css/mystyle.css or /css/mystyle.css\n"; print "\n"; print "[$WHT$theme_css$NRM]: $WHT"; $new_theme_css = <STDIN>; Modified: branches/SM-1_4-STABLE/squirrelmail/config/config_default.php =================================================================== --- branches/SM-1_4-STABLE/squirrelmail/config/config_default.php 2009-04-10 15:27:21 UTC (rev 13536) +++ branches/SM-1_4-STABLE/squirrelmail/config/config_default.php 2009-04-13 16:52:57 UTC (rev 13537) @@ -15,7 +15,7 @@ * passwords being leaked to e.g. other system users. Take extra care when * the webserver is shared with untrusted users. * - * @copyright © 2000-2007 The SquirrelMail Project Team + * @copyright © 2000-2009 The SquirrelMail Project Team * @license http://opensource.org/licenses/gpl-license.php GNU Public License * @version $Id$ * @package squirrelmail @@ -103,7 +103,7 @@ * option set to true. * @global string $provider_uri */ -$provider_uri = 'http://www.squirrelmail.org/'; +$provider_uri = 'http://squirrelmail.org/'; /*** Server Settings ***/ /** @@ -666,8 +666,8 @@ * https://webmail.example.com:6691 * * To be clear: do not include any of the path elements, so if - * SquirrelMail is at http://www.example.net/web/mail/src/login.php, you - * write: http://www.example.net + * SquirrelMail is at http://example.net/web/mail/src/login.php, you + * write: http://example.net * * @global string $config_location_base * @since 1.4.8 Modified: branches/SM-1_4-STABLE/squirrelmail/contrib/RPM/config.php.redhat =================================================================== --- branches/SM-1_4-STABLE/squirrelmail/contrib/RPM/config.php.redhat 2009-04-10 15:27:21 UTC (rev 13536) +++ branches/SM-1_4-STABLE/squirrelmail/contrib/RPM/config.php.redhat 2009-04-13 16:52:57 UTC (rev 13537) @@ -17,7 +17,7 @@ $signout_page = ''; $frame_top = '_top'; -$provider_uri = 'http://www.squirrelmail.org/'; +$provider_uri = 'http://squirrelmail.org/'; $provider_name = 'SquirrelMail'; Modified: branches/SM-1_4-STABLE/squirrelmail/contrib/RPM/squirrelmail.spec =================================================================== --- branches/SM-1_4-STABLE/squirrelmail/contrib/RPM/squirrelmail.spec 2009-04-10 15:27:21 UTC (rev 13536) +++ branches/SM-1_4-STABLE/squirrelmail/contrib/RPM/squirrelmail.spec 2009-04-13 16:52:57 UTC (rev 13537) @@ -23,7 +23,7 @@ Version: 1.4.3 Release: %{rpm_release} License: GPL -URL: http://www.squirrelmail.org/ +URL: http://squirrelmail.org/ Vendor: squirrelmail.org Group: Applications/Internet Source: %{name}-%{version}.tar.bz2 Modified: branches/SM-1_4-STABLE/squirrelmail/contrib/conf.pl.8 =================================================================== --- branches/SM-1_4-STABLE/squirrelmail/contrib/conf.pl.8 2009-04-10 15:27:21 UTC (rev 13536) +++ branches/SM-1_4-STABLE/squirrelmail/contrib/conf.pl.8 2009-04-13 16:52:57 UTC (rev 13537) @@ -26,11 +26,11 @@ Disable a plugin. Deactivates the plugin and saves SquirrelMail configuration. .SH "BUGS" If you find bugs in SquirrelMail configuration utility or this manual, you can -report them in SquirrelMail bug tracker. See \fBhttp://www.squirrelmail.org/bugs\fR +report them in SquirrelMail bug tracker. See \fBhttp://squirrelmail.org/bugs\fR .SH "AUTHOR" Tomas Kuliavas <to...@us...> .SH "COPYRIGHT" -Copyright (c) 2006 The SquirrelMail Project Team +Copyright (c) 2006-2009 The SquirrelMail Project Team .SH "LICENSE" This manual is licensed under GNU General Public License. See COPYING file included in the SquirrelMail package or Modified: branches/SM-1_4-STABLE/squirrelmail/doc/INSTALL =================================================================== --- branches/SM-1_4-STABLE/squirrelmail/doc/INSTALL 2009-04-10 15:27:21 UTC (rev 13536) +++ branches/SM-1_4-STABLE/squirrelmail/doc/INSTALL 2009-04-13 16:52:57 UTC (rev 13537) @@ -27,9 +27,9 @@ - Run config/conf.pl from the command line. Use the D option to load predefined options for specific IMAP servers, and edit at least the Server Settings and General Options (datadir). -- Browse to http://www.example.com/yourwebmaillocation/src/configtest.php +- Browse to http://example.com/yourwebmaillocation/src/configtest.php to test your configuration for common errors. -- Browse to http://www.example.com/yourwebmaillocation/ to log in. +- Browse to http://example.com/yourwebmaillocation/ to log in. 1. CONFIGURE YOUR WEBSERVER TO WORK WITH PHP @@ -39,7 +39,7 @@ to work with PHP. You need at least PHP v4.1.0. SquirrelMail uses the standard suffix .php for all PHP files. - You can find PHP at http://www.php.net. See the documentation that + You can find PHP at http://php.net. See the documentation that comes with PHP for instructions how to set it up. The PHP IMAP extension is NOT necessary at all (but won't harm)! @@ -90,7 +90,7 @@ ---------------------------------------- SquirrelMail is constantly being improved. Therefore you should always - get the newest version around. Look at http://www.squirrelmail.org + get the newest version around. Look at http://squirrelmail.org to see what it is. If you want to be bleeding edge you might want to consider using the latest SVN version (with the latest and most fashionable bugs). @@ -188,7 +188,7 @@ Point your browser at the URL at which SquirrelMail is installed. A possible example of this is: - http://www.example.com/squirrelmail + http://example.com/squirrelmail It should be pretty straight forward to use. Some more documentation might show up one day or another. Modified: branches/SM-1_4-STABLE/squirrelmail/doc/README =================================================================== --- branches/SM-1_4-STABLE/squirrelmail/doc/README 2009-04-10 15:27:21 UTC (rev 13536) +++ branches/SM-1_4-STABLE/squirrelmail/doc/README 2009-04-13 16:52:57 UTC (rev 13537) @@ -1,5 +1,5 @@ SquirrelMail -http://www.squirrelmail.org +http://squirrelmail.org Introduction: ------------- @@ -29,11 +29,6 @@ have a few minutes, please send us an email to let us know! You can send it to our mailing list: squ...@li... -You can also go to the page below and fill out a small form to get listed -with the list of people already using SquirrelMail (free advertising). - - http://www.squirrelmail.org/feedback.php - Contact: -------- It is pretty easy to get in contact with the developers if you need help or @@ -43,7 +38,7 @@ squ...@li... NOTE: you need to be subscribed to this mailinglist to be able to post to it! -Please visit our web page (http://www.squirrelmail.org) and go to the section +Please visit our web page (http://squirrelmail.org) and go to the section titled "Mailing Lists". Installation: Modified: branches/SM-1_4-STABLE/squirrelmail/doc/ReleaseNotes =================================================================== --- branches/SM-1_4-STABLE/squirrelmail/doc/ReleaseNotes 2009-04-10 15:27:21 UTC (rev 13536) +++ branches/SM-1_4-STABLE/squirrelmail/doc/ReleaseNotes 2009-04-13 16:52:57 UTC (rev 13537) @@ -88,7 +88,7 @@ it pertains to, and list as many details about your system as possible, including your IMAP server and web server details. - http://www.squirrelmail.org/bugs + http://squirrelmail.org/bugs Thanks for your cooperation! This helps us to make sure nothing slips through the cracks. Modified: branches/SM-1_4-STABLE/squirrelmail/functions/page_header.php =================================================================== --- branches/SM-1_4-STABLE/squirrelmail/functions/page_header.php 2009-04-10 15:27:21 UTC (rev 13536) +++ branches/SM-1_4-STABLE/squirrelmail/functions/page_header.php 2009-04-13 16:52:57 UTC (rev 13537) @@ -5,7 +5,7 @@ * * Prints the page header (duh) * - * @copyright © 1999-2007 The SquirrelMail Project Team + * @copyright © 1999-2009 The SquirrelMail Project Team * @license http://opensource.org/licenses/gpl-license.php GNU Public License * @version $Id$ * @package squirrelmail @@ -293,7 +293,7 @@ if (!$hide_sm_attributions) { echo html_tag( 'td', '', 'right' ) ."\n"; - if (!isset($provider_uri)) $provider_uri= 'http://www.squirrelmail.org/'; + if (!isset($provider_uri)) $provider_uri= 'http://squirrelmail.org/'; if (!isset($provider_name)) $provider_name= 'SquirrelMail'; echo '<a href="'.$provider_uri.'" target="_blank">'.$provider_name.'</a>'; echo "</td>\n"; Modified: branches/SM-1_4-STABLE/squirrelmail/help/en_US/FAQ.hlp =================================================================== --- branches/SM-1_4-STABLE/squirrelmail/help/en_US/FAQ.hlp 2009-04-10 15:27:21 UTC (rev 13536) +++ branches/SM-1_4-STABLE/squirrelmail/help/en_US/FAQ.hlp 2009-04-13 16:52:57 UTC (rev 13537) @@ -45,7 +45,7 @@ <description> <p> A lot of people helped out. To get a list of them, you can visit our - web site <a href="http://www.squirrelmail.org" target=_top>www.squirrelmail.org</a>. + web site <a href="http://squirrelmail.org" target=_top>squirrelmail.org</a>. </p> </description> </section> Modified: branches/SM-1_4-STABLE/squirrelmail/help/en_US/basic.hlp =================================================================== --- branches/SM-1_4-STABLE/squirrelmail/help/en_US/basic.hlp 2009-04-10 15:27:21 UTC (rev 13536) +++ branches/SM-1_4-STABLE/squirrelmail/help/en_US/basic.hlp 2009-04-13 16:52:57 UTC (rev 13537) @@ -8,8 +8,8 @@ </summary> <description> <p> - So what exactly is <a href="http://www.squirrelmail.org/">SquirrelMail</a>? - It's a web interface to email that's written in <a href="http://www.php.net">PHP</a>. + So what exactly is <a href="http://squirrelmail.org/">SquirrelMail</a>? + It's a web interface to email that's written in <a href="http://php.net">PHP</a>. It was designed to allow email access through your server from anywhere in the world via the Web. More information about exactly how it does this and the IMAP protocol can be found <a href="http://imap.org">here</a>. Modified: branches/SM-1_4-STABLE/squirrelmail/plugins/bug_report/bug_report.php =================================================================== --- branches/SM-1_4-STABLE/squirrelmail/plugins/bug_report/bug_report.php 2009-04-10 15:27:21 UTC (rev 13536) +++ branches/SM-1_4-STABLE/squirrelmail/plugins/bug_report/bug_report.php 2009-04-13 16:52:57 UTC (rev 13537) @@ -8,7 +8,7 @@ * a button to show the bug report mail message in order to actually * send it. * - * Copyright (c) 1999-2008 The SquirrelMail Project Team + * Copyright (c) 1999-2009 The SquirrelMail Project Team * Licensed under the GNU GPL. For full terms see the file COPYING. * * This is a standard Squirrelmail-1.2 API for plugins. @@ -180,7 +180,7 @@ echo '<ul>'; echo '<li>'; -printf(_("Make sure that you are running the most recent copy of %s. You are currently using version %s."), '<a href="http://www.squirrelmail.org/" target="_blank">SquirrelMail</a>', $version); +printf(_("Make sure that you are running the most recent copy of %s. You are currently using version %s."), '<a href="http://squirrelmail.org/" target="_blank">SquirrelMail</a>', $version); echo "</li>\n"; echo '<li>'; This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |